Cybersecurity reports have shown that a new threat called QBot malware, also known as QakBot, is being distributed in phishing campaigns to infect Microsoft Windows devices.
Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. According to the Canadian government: “The malware is modular in nature and offers a variety of capabilities, including the ability to steal sensitive data and to propagate inside a network.”
QakBot malware also provides remote code execution capabilities. This functionality enables attackers to perform manual attacks so they can achieve secondary objectives, including scanning the compromised network or injecting ransomware.
Looking into the ramifications for Digital Journal is Max Gannon, Senior Intelligence Analyst at Cofense.
Gannon begins by looking at this emerging threat: “As we’ve identified in our 2022 Annual State of Email Security Report, QakBot has recently become known for its frequent experiments with new delivery methods.”
On the growth of this threat, he notes: “Just in the last two months, threat actors have experimented with six different delivery methods. These include using PDF, HTML or OneNote files as the first step in QakBot delivery.”
There are other routes that can be exploited, says Gannon: “In terms of secondary delivery steps, over the past two months QakBot has used WSF, JavaScript, LNK, Batch and HTA. The threat actors behind these campaigns have tried various combinations of primary and secondary steps, including a PDF file leading to a WSF script. Cofense Intelligence began to observe and report this specific combination on April 5.”
On the specific nature of the threat, Gannon explains: “QakBot is a global threat using reply chains in multiple languages. In the past, it would reply to all chains in English but it has become more sophisticated and now uses the language of the original reply chain. This language choice also extends to the file names of attachments.”

The risk appears on multiple fronts, observes Gannon: “In addition to evolving its delivery tactics and emails, QakBot has also evolved its capabilities. It was originally a banking trojan but now has the ability to deliver other malware, including ransomware, making it a threat that enterprises should keep a close eye on.”