Qakbot, a notorious malware family known for its resilience, has re-emerged, leveraging a modified DLL that abuses a Windows process for persistence. This development comes in the wake of law enforcement’s dismantling of its botnet servers during Operation Duck Hunt in 2023. Researchers have found that the malware now uses the Windows srtasks.exe process, which ensures its survival even after a machine is restarted.
Despite efforts to curb its spread, Qakbot continues to thrive through phishing campaigns. These campaigns employ a variety of lures, including malicious attachments or links designed to deliver the malware upon user interaction. Past tactics have involved the use of malicious macros, booby-trapped OneNote files, and ISO attachments containing executables and shortcuts.
Recent observations by researchers at Microsoft have revealed a resurgence of Qakbot, particularly through IRS-themed phishing emails. These emails target specific industries, such as hospitality, during tax season, suggesting a strategic adaptation of prevalent phishing tactics to maximize infection rates. As Qakbot evolves, it poses an increasingly sophisticated threat, necessitating heightened vigilance and proactive measures to mitigate its impact.