New cyberthreat on the horizon: QakBot malware

Danger in design: The malware is modular in nature and offers a variety of capabilities.

Using SonicWall data, Beyond Identity highlights the 10 states with the most attempted malware attacks. - Yuttanas // Shutterstock

Cybersecurity reports have shown that a new threat called QBot malware, also known as QakBot, is being distributed in phishing campaigns to infect Microsoft Windows devices.

Common forms of malware include computer viruses, worms, Trojans, spyware, and adware. According to the Canadian government: “The malware is modular in nature and offers a variety of capabilities, including the ability to steal sensitive data and to propagate inside a network.”

QakBot also provides remote code execution capabilities. This functionality lets attackers carry out manual attacks to achieve secondary objectives, including scanning the compromised network or injecting ransomware.

Looking into the ramifications for Digital Journal is Max Gannon, Senior Intelligence Analyst at Cofense.

Gannon begins by looking at this emerging threat: “As we’ve identified in our 2022 Annual State of Email Security Report, QakBot has recently become known for its frequent experiments with new delivery methods.”

On how quickly the delivery methods are changing, he notes: “Just in the last two months, threat actors have experimented with six different delivery methods. These include using PDF, HTML or OneNote files as the first step in QakBot delivery.”

There are other routes that can be exploited, says Gannon: “In terms of secondary delivery steps, over the past two months QakBot has used WSF, JavaScript, LNK, Batch and HTA. The threat actors behind these campaigns have tried various combinations of primary and secondary steps, including a PDF file leading to a WSF script. Cofense Intelligence began to observe and report this specific combination on April 5.”

On the specific nature of the threat, Gannon explains: “QakBot is a global threat using reply chains in multiple languages. In the past, it would reply to all chains in English but it has become more sophisticated and now uses the language of the original reply chain. This language choice also extends to the file names of attachments.”

The risk appears on multiple fronts, observes Gannon: “In addition to evolving its delivery tactics and emails, QakBot has also evolved its capabilities. It was originally a banking trojan but now has the ability to deliver other malware, including ransomware, making it a threat that enterprises should keep a close eye on.”
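For defenders, the first-stage and second-stage file types listed above can be turned into a simple correlation rule. The following is an added example, not code from the article or from Cofense: it flags a host where a first-stage file (PDF, HTML, OneNote) is opened and a second-stage script type is executed shortly afterwards. The event schema, the extension spellings and the 10-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# File types named in the article; the exact extension spellings are assumptions.
PRIMARY = {".pdf", ".html", ".htm", ".one"}
SECONDARY = {".wsf", ".js", ".lnk", ".bat", ".cmd", ".hta"}
WINDOW = timedelta(minutes=10)  # assumed correlation window

# Constructed sample events: (ISO time, host, action, path). Hypothetical schema.
EVENTS = [
    ("2024-01-15T09:00:00", "ws-01", "open", r"C:\Users\a\Downloads\Invoice.PDF"),
    ("2024-01-15T09:03:10", "ws-01", "exec", r"C:\Users\a\Downloads\doc\Invoice.wsf"),
    ("2024-01-15T09:05:00", "ws-02", "open", r"C:\Users\b\Documents\notes.one"),
    ("2024-01-15T11:30:00", "ws-02", "exec", r"C:\Tools\build.bat"),
    ("2024-01-15T10:00:00", "ws-03", "open", r"C:\Users\c\Downloads\Rechnung.html"),
    ("2024-01-15T10:01:00", "ws-03", "exec", r"C:\Users\c\Downloads\Rechnung.pdf.js"),
]

def stage(path):
    """Classify a path by its final extension, so 'x.pdf.js' counts as a script."""
    ext = PureWindowsPath(path).suffix.lower()
    if ext in SECONDARY:
        return "secondary"
    if ext in PRIMARY:
        return "primary"
    return None

def find_chains(events, window=WINDOW):
    """Return (host, lure, script) where a script runs soon after a lure is opened."""
    last_primary = {}  # host -> (time opened, path of most recent first-stage file)
    hits = []
    for ts, host, action, path in sorted(events):  # ISO timestamps sort chronologically
        when = datetime.fromisoformat(ts)
        kind = stage(path)
        if action == "open" and kind == "primary":
            last_primary[host] = (when, path)
        elif action == "exec" and kind == "secondary" and host in last_primary:
            opened, lure = last_primary[host]
            if when - opened <= window:
                hits.append((host, lure, path))
    return hits

if __name__ == "__main__":
    for host, lure, script in find_chains(EVENTS):
        print(f"{host}: {lure} -> {script}")
```

The ws-02 events are not flagged because the batch file runs well outside the window; localized file names such as Rechnung.html are matched on extension alone, which matters given the language-matching behaviour described above.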

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
