New cyberthreat on the horizon: QakBot malware

Danger in design: The malware is modular in nature and offers a variety of capabilities.

Using SonicWall data, Beyond Identity highlights the 10 states with the most attempted malware attacks. - Yuttanas // Shutterstock

Cybersecurity reports have shown that a new threat called QBot malware, also known as QakBot, is being distributed in phishing campaigns to infect Microsoft Windows devices.

Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. According to the Canadian government: “The malware is modular in nature and offers a variety of capabilities, including the ability to steal sensitive data and to propagate inside a network.”

QakBot also provides remote code execution capabilities. This functionality lets attackers carry out manual attacks to achieve secondary objectives, including scanning the compromised network or injecting ransomware.

Looking into the ramifications for Digital Journal is Max Gannon, Senior Intelligence Analyst at Cofense.

Gannon begins by looking at this emerging threat: “As we’ve identified in our 2022 Annual State of Email Security Report, QakBot has recently become known for its frequent experiments with new delivery methods.”

On the rise of this threat, he notes: “Just in the last two months, threat actors have experimented with six different delivery methods. These include using PDF, HTML or OneNote files as the first step in QakBot delivery.”

There are other routes that can be exploited, says Gannon: “In terms of secondary delivery steps, over the past two months QakBot has used WSF, JavaScript, LNK, Batch and HTA. The threat actors behind these campaigns have tried various combinations of primary and secondary steps, including a PDF file leading to a WSF script. Cofense Intelligence began to observe and report this specific combination on April 5.”

On the specific nature of the threat, Gannon explains: “QakBot is a global threat using reply chains in multiple languages. In the past, it would reply to all chains in English but it has become more sophisticated and now uses the language of the original reply chain. This language choice also extends to the file names of attachments.”

The risk appears on multiple fronts, observes Gannon: “In addition to evolving its delivery tactics and emails, QakBot has also evolved its capabilities. It was originally a banking trojan but now has the ability to deliver other malware including ransomware, making it a threat that enterprises should keep a close eye on.”
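As an added example (not from the article or from Cofense), here is a minimal Python attachment triage for a mail gateway that labels the first-stage and second-stage file types Gannon lists, identifying PDF, OneNote and LNK files by content so that a renamed file is still caught. The function names, the sample attachments and the `.cmd` and `.htm` extension variants are assumptions made for the illustration.

```python
import os

# Signatures for the binary formats; the script formats are plain text and
# have no magic number, so they are matched by extension only.
ONENOTE_MAGIC = bytes.fromhex("e4525c7b8cd8a74daeb15378d02996d3")  # .one header GUID
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")  # shell link header
FIRST_STAGE = {"pdf", "html", "onenote"}                      # primary delivery types
SECOND_STAGE = {"wsf", "javascript", "lnk", "batch", "hta"}   # secondary delivery steps
EXT_TYPES = {".pdf": "pdf", ".html": "html", ".htm": "html", ".one": "onenote",
             ".wsf": "wsf", ".js": "javascript", ".lnk": "lnk",
             ".bat": "batch", ".cmd": "batch", ".hta": "hta"}

def sniff(data):
    """Identify a type from content alone; None when the bytes are not distinctive."""
    head = data[:1024]
    if head.startswith(b"%PDF-"):
        return "pdf"
    if head.startswith(ONENOTE_MAGIC):
        return "onenote"
    if head.startswith(LNK_MAGIC):
        return "lnk"
    if head.lstrip().lower().startswith((b"<!doctype html", b"<html")):
        return "html"
    return None

def triage(name, data):
    """Return (stage, file_type, name_mismatch), or None if the type is not listed."""
    by_ext = EXT_TYPES.get(os.path.splitext(name.lower())[1])
    by_content = sniff(data)
    file_type = by_content or by_ext   # content wins over a misleading file name
    if file_type in FIRST_STAGE:
        stage = "first-stage"
    elif file_type in SECOND_STAGE:
        stage = "second-stage"
    else:
        return None
    return stage, file_type, by_content is not None and by_content != by_ext

# Constructed sample attachments (not real samples).
SAMPLES = [
    ("Rechnung.pdf", b"%PDF-1.7\n..."),
    ("notes.docx", ONENOTE_MAGIC + b"\x00" * 16),  # OneNote content, other extension
    ("report.wsf", b"<job><script language='JScript'></script></job>"),
    ("photo.png", b"\x89PNG\r\n\x1a\n"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, triage(name, data))
```

A `True` in the third field means the content signature disagrees with the file extension, which is worth a closer look regardless of the stage label.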

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
