Qbot malware adapts to live another day … and another …
The Qbot malware operation - which started more than a decade ago as a banking trojan only to evolve into a backdoor and a delivery system for ransomware and other threats - continues to deftly adapt its techniques to stay ahead of security pros, according to a new report.
Most recently, the operators behind Qbot - also known as Qakbot and Pinkslipbot - have this year shown new methods for delivering malware and a highly adaptable command-and-control (C2) infrastructure, with a quarter of the C2 servers used being active for only a day, researchers with Lumen's Black Lotus Labs threat intelligence group write.
Qbot operators will often slow their spamming attacks to retool the malware before resuming their activities.
The short life of a Qbot C2. The C2 servers are another area of adaptation by Qbot.
Converting bots into C2s. That includes converting bots into C2 servers, which helps Qbot operators evade network defenses: continuously turning over the addresses of the C2 control points reduces the effectiveness of static blocking that relies on indicators of compromise.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/06/05/qbot_malware_adaptations/