Known for its constant evolution, Qakbot malware has returned with a new twist — the use of .DLL sideloading to execute the malicious file.
Researchers from Cyble recently warned that the threat group behind Qakbot (aka QBot) is after system credentials it can use to steal money through fraud, identity theft, and more. They added that Qakbot is very active at the moment.
Qakbot attacks rely on email phishing lures for initial access, the analysts said. But its latest iteration leverages DLL sideloading as a way to hide malware from detection. By including benign applications alongside malicious .DLL library files, the attackers are able to execute and deliver the malware payload undetected.
“The threat actors behind Qakbot are highly active and are continuously evolving their methods to increase their efficacy and impact,” the Cyble team said in its latest report on Qakbot’s activities. “Apart from the direct financial impact, this can also lead to incidences of fraud, identity theft, and other consequences for any victim of Qakbot malware.”