Qakbot remains dangerous

B2B Cyber ​​Security ShortNews

Share post

Sophos X-Ops has discovered and analyzed a new variant of the Qakbot malware. These cases first emerged in mid-December and show that the Qakbot malware has continued to evolve despite law enforcement's successful dismantling of the botnet infrastructure last August.

The attackers use even better methods to cover their tracks. The cases analyzed by Sophos X-Ops show that cybercriminals made concerted efforts to strengthen the malware's encryption. This has made it more difficult for defenders to analyze the malicious code. Additionally, attackers now encrypt all communications between the malware and the control server using a stronger method than in previous versions. The malware also reintroduced a previously removed feature that prevents it from running in a virtual environment or sandbox.

Creator of Qakbot still active

Only if the creators of the bot are prosecuted could Quakbot end. “Dismantling the Qakbot botnet infrastructure was a victory, but the bot's creators remain active,” said Andrew Brandt, Principal Researcher at Sophos X-Ops, commenting on the recent Qakbot incidents. “Cybercriminals who have access to the original Qakbot source code are experimenting with new variants and testing them in real-world use.

One of the most notable changes concerns the encryption algorithm the bot uses to hide hard-coded default configurations. This makes it even more difficult for analysts to see how the malware works. The attackers are also restoring previously deprecated features such as virtual machine (VM) detection and testing them in these new versions. It is very likely that development of Qakbot will continue until its creators are prosecuted. The good news is that these new Qakbot variants with previously created signatures can be easily detected by endpoint detection software.

More at


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more