Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan
Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to proactively detect and block the threat in an effective manner.
The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a "customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it."
More recently, spam campaigns have resulted in the deployment of a new loader called SQUIRRELWAFFLE that enables the attackers to gain an initial foothold into enterprise networks and drop malicious payloads, such as Qakbot and Cobalt Strike, on infected systems.
Now, according to Microsoft, the attack chains involving Qakbot comprise several building blocks that chart the various stages of the compromise, from the methods adopted to distribute the malware (links, attachments, or embedded images) to an array of post-exploitation activities such as credential theft, email exfiltration, lateral movement, and the deployment of Cobalt Strike beacons and ransomware.
More often than not, Qakbot is just the first step in a larger attack, with the threat actors using the initial foothold facilitated by the malware to install additional payloads or sell the access to the highest bidder on underground forums, who can then leverage it for their own ends.
"Therefore, a deeper understanding of Qakbot is paramount in building a comprehensive and coordinated defense strategy against it."
News URL
https://thehackernews.com/2021/12/microsoft-details-building-blocks-of.html