On December 20, Trend Micro detected the 879th TSPY_QQPASS variant in the wild. This variant joins the almost 1,200 members of the ever-growing QQPASS family that includes spyware, worms, backdoors, Trojans, and even scripts. In recent months, QQPASS has consistently been one of the most prevalent Trojan spyware (TSPY) around based on actual customer submissions.
This information-stealing threat family targets Tencent QQ, an instant messaging application hugely popular in Mainland China and South Africa. It hooks an infected computer’s keyboard and mouse to steal QQlogin information.
Proof of its notoriety is the news-grabbing event it stirred in Japan last October. One of QQPASS’ worm variants was found to be infecting more than 10,000 MP3 players given away by McDonald’s Japan as prizes. The event prompted a public apology and a mass recall operation from the fast-food chain.
In an article, Miray Lozada, Associate Engineer at Trend Micro, documents QQPASS’s behavior and describes how stolen information can be used by the malware author. The writer further infers that monetary reward is the motive pushing this threat family to stay in the wild for so long and evolve with the changing threat landscape.
Read the article here: QQ Me… But TC :(.
