Qakbot: The trojan that just won’t go away
2023-06-02 07:57

Qakbot, a banking trojan turned malware/ransomware distribution network, was first observed in 2007 and is active to this day.

"Qakbot operators tend to reduce or stop their spamming attacks for long periods of time on a seasonal basis, returning to activity with a modified suite of tools," Chris Formosa and Steve Rudd, researchers with Lumen's Black Lotus Labs, have noted.

Qakbot primarily spreads through email hijacking and social engineering tactics.

"Qakbot alternates its means of initial entry to stay ahead of tightening security policies and evolving defenses," the researchers explained.

In addition to switching up their malware delivery methods, Qakbot operators also use a neat trick to keep their C2 infrastructure always up and running and able to evade security solutions.

Qakbot retains resiliency by repurposing victim machines into C2s. The researchers observed that more than 25% of C2s don't remain active for more than a day, and 50% don't remain active for more than a week.


News URL

https://www.helpnetsecurity.com/2023/06/02/qakbot-qbot/