Top Malware Payload Families, Q4 2021 Have Qbot & ZLoader At The Top By A Lot

Qbot and ZLoader payloads targeting enterprises contributed to almost 89% of email-based malware volume in Q4 2021, according to PhishLabs by HelpSystems. The company monitors payload families reported in corporate inboxes to proactively prevent and remediate these threats.

Key findings are:

  • The Qbot banking trojan was the top payload family detected in phishing attacks in Q4, contributing to 59.3% of reports. Qbot led all other payloads in the first half of 2021, before experiencing a dip in volume in Q3.
    • Active since 2008, Qbot is capable of logging keystrokes, stealing financial information, and compromising credentials.
  • ZLoader had the second-highest payload volume among known families in Q4, contributing to almost 30% of reports. A variant of the Zeus banking trojan, ZLoader is a popular malware-as-a-service (MaaS) offering that maintained a dominant presence throughout 2021.
    • ZLoader is a multipurpose dropper often associated with the Conti and Ryuk ransomware families. Recent ZLoader email campaigns delivered the malware through malicious Google ad campaigns and by exploiting Microsoft’s signature verification.

According to PhishLabs:

“Ransomware is a billion dollar business with a low barrier to entry. The tools used for a campaign and the actors behind them are in a constant state of metamorphosis as pressure to evade detection goes hand-in-hand with a successful attack. This fluidity makes it challenging for enterprises to proactively detect malicious payloads before they culminate in a ransomware attack.”

Visit: for the complete findings.
