Researchers Uncover New Attempts by Qakbot Malware to Evade Detection
2022-07-13 06:06

The operators behind the Qakbot malware are transforming their delivery vectors in an attempt to sidestep detection.

"Most recently, threat actors have transformed their techniques to evade detection by using ZIP file extensions, enticing file names with common formats, and Excel 4.0 to trick victims into downloading malicious attachments that install Qakbot," Zscaler Threatlabz researchers Tarun Dewan and Aditya Sharma said.

Other methods adopted by the group include code obfuscation, introducing new layers in the attack chain from initial compromise to execution, and using multiple URLs as well as unknown file extensions to deliver the payload.

Also called QBot, QuackBot, or Pinkslipbot, Qakbot has been a recurring threat since late 2007, evolving from its initial days as a banking trojan to a modular information stealer capable of deploying next-stage payloads such as ransomware.

"Qakbot is a flexible post-exploitation tool that incorporates various layers of defense evasion techniques designed to minimize detections," Fortinet disclosed in December 2021.

"Qakbot's modular design and infamous resiliency in the face of traditional signature-based detection make it a desirable first choice for many financially motivated groups."

Exe to load the payload, in what the researchers described as a "Clear sign of Qakbot evolving to evade updated security practices and defenses."


News URL

https://thehackernews.com/2022/07/researchers-uncover-new-attempts-by.html