• Qakbot returns: devious new malware tricks victims by using a fak

    From TechnologyDaily@1337:1/100 to All on Fri Feb 16 18:00:06 2024
    Qakbot returns: devious new malware tricks victims by using a fake Adobe installer

    Date:
    Fri, 16 Feb 2024 17:54:07 +0000

    Description:
    New variants of Qakbot are here, and want to trick us into thinking we're installing Adobe software.

    FULL STORY ======================================================================

    The infamous Qakbot malware is back, and sporting some interesting improvements, experts have warned.

    Cybersecurity researchers from Sophos have observed new distribution
    campaigns for Qakbot, in which the malware now comes with a fake Windows installer. Once the victim clicks on the malware, it displays a bogus installer for an Adobe product.

    The installer looks suspicious to begin with, displaying nothing but the
    words "Adobe Setup". When the user clicks the X button to terminate the process, the installer asks "Are you sure you want to cancel Adobe installation?" as it
    tries to trick the user into thinking the process is legitimate. The worst part is that it doesn't matter what the victim clicks. In every scenario the malware is installed, as the prompt only serves as a distraction.

    Back with a vengeance

    Other notable improvements include enhanced obfuscation techniques, such as advanced encryption which hides strings and C2 communications. Besides the
    XOR encryption method that was observed in earlier variants, the new Qakbot versions also use AES-256 encryption.

    Finally, the malware analyzes the endpoint for antivirus solutions and other protection tools, and checks for virtualized environments. If it deems it was installed in a sandbox, it will enter an infinite loop.

    Qakbot was severely disrupted in the summer of 2023, when US law enforcement agencies took down its infrastructure during Operation Duck Hunt. However, as no arrests were made at the time, researchers concluded that it was only a matter of time before Qakbot's operators sprang back into action.

    Indeed, in December last year, Microsoft reported on a new phishing campaign distributing Qakbot, and now Sophos says that up to 10 new malware builds have been made since then.

    Still, it is impossible to know if the new variants were developed by the
    same people that built the original Qakbot, or if a different threat actor obtained the source code and started experimenting with fresh builds.

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/qakbot-returns-devious-new-malware-tricks-victims-by-using-a-fake-adobe-installer


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)