Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
In the latest iteration, Qakbot operators are using DLL sideloading to deliver malware, a technique that places legitimate and malicious files together in a common directory to avoid detection.
Dark Reading Staff
July 25, 2022
1 Min Read
Source: Vladyslav Yushynov via Alamy
Known for its constant evolution, Qakbot malware has returned with a new twist — the use of .DLL sideloading to execute the malicious file.
Researchers from Cyble recently warned that the threat group behind Qakbot (aka QBot) is after system credentials it can use to steal money through fraud, identity theft, and more. They added that Qakbot is very active at the moment.
Qakbot attacks rely on email phishing lures for initial access, the analysts said. But its latest iteration leverages DLL sideloading as a way to hide malware from detection. By including benign applications alongside malicious .DLL library files, the attackers are able to execute and deliver the malware payload undetected.
"The threat actors behind Qakbot are highly active and are continuously evolving their methods to increase their efficacy and impact," the Cyble team said in its latest report on Qakbot's activities. "Apart from the direct financial impact, this can also lead to incidences of fraud, identity theft, and other consequences for any victim of Qakbot malware."
About the Author(s)
You May Also Like
A screen displaying many different types of charts and graphs to show what data is being analyzed.Cybersecurity Analytics