Qakbot Is Back With a New Trick: DLL Sideloading

In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection.

Dark Reading Staff, Dark Reading

July 25, 2022

1 Min Read
Image of a malware warning displayed on a mobile device screen
Source: Vladyslav Yushynov via Alamy

Known for its constant evolution, Qakbot malware has returned with a new twist — the use of .DLL sideloading to execute the malicious file.

Researchers from Cyble recently warned that the threat group behind Qakbot (aka QBot) is after system credentials it can use to steal money through fraud, identity theft, and more. They added that Qakbot is very active at the moment.

Qakbot attacks rely on email phishing lures for initial access, the analysts said. But its latest iteration leverages DLL sideloading as a way to hide malware from detection. By including benign applications alongside malicious .DLL library files, the attackers are able to execute and deliver the malware payload undetected.

"The threat actors behind Qakbot are highly active and are continuously evolving their methods to increase their efficacy and impact," the Cyble team said in its latest report on Qakbot's activities. "Apart from the direct financial impact, this can also lead to incidences of fraud, identity theft, and other consequences for any victim of Qakbot malware."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights