Malware, Threat Intelligence

More robust BC malware with QBot ties emerges


Attackers associated with the disrupted QakBot, or QBot, malware operation have crafted a novel BackConnect payload integrated with system data exfiltration capabilities to facilitate further compromise, according to The Hacker News.

The BC backdoor, which runs as an autonomous program, features not only old QBot samples but also IcedID's KeyHole BC and DarkVNC, and was discovered within the ZLoader-distributing infrastructure, a report from Walmart's Cyber Intelligence team showed. "In this case, the malware we talk about is a standalone backdoor utilizing BackConnect as a medium to allow a threat actor to have hands-on keyboard access. This distinction is further pronounced by the fact that this backdoor collects system information," said Walmart. Walmart's findings come after the backdoor was linked by Sophos to the newly emergent ransomware operation STAC5777, which, along with another nascent group, STAC5143, exploited Microsoft 365 and default Microsoft Teams configurations to enable Python backdoor and Black Basta ransomware deployment.
