Trend Micro
QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Our report shares some insight into the new techniques and tools this threat is using.
QAKBOT is a prevalent information-stealing malware that was first discovered in 2007. In recent years, its detection has become a precursor to many critical and widespread ransomware attacks. It has been identified as a key “malware installation-as-a-service” botnet that enables many of today’s campaigns.
Toward the end of September 2021, we noted that QAKBOT operators resumed email spam operations after an almost three-month hiatus. Specifically, we saw that the malware distributor “TR” was sending malicious spam leading victims to SquirrelWaffle (another malware loader) and QAKBOT. In early October, the same “TR” distributor was reportedly conducting brute-force attacks on Internet Message Access Protocol (IMAP) services, and there is also speculation from security researchers that “TR”