Malware

QBot malware operation examined

QBot malware, also known as QakBot and Pinkslipbot, has been leveraging an adaptable command-and-control infrastructure, with half of its servers only active for a week and a quarter only active for a day, according to The Hacker News. Residential IPs and compromised web servers, instead of virtual private servers, have been used by QBot to hide its C2 infrastructure, a report by Lumen Black Lotus Labs researchers Steve Rudd and Chris Formosa showed. Moreover, several infected bots are being transformed by QBot into proxies with the use of a backconnect server. Aside from upgrading its infrastructure, QBot has also enhanced its tactics to include HTML smuggling, and email threat takeovers. "Qakbot has persevered by adopting a field-expedient approach to build and develop its architecture. While it may not rely on sheer numbers like Emotet, it demonstrates technical craft by varying initial access methods and maintaining a resilient yet evasive residential C2 architecture," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

Adware

You can skip this ad in 5 seconds