New variants of the QBot malware, also known as Qakbot, have emerged since mid-December despite the malware having been disrupted in August, suggesting continuous testing by the malware developer, BleepingComputer reports.
Sophos X-Ops researchers discovered that QBot samples deployed in December and January were distributed via a Microsoft Software Installer executable. The new iterations of the malware also integrate improved obfuscation techniques, using AES-256 encryption alongside the XOR technique of older versions.
Further examination of a new QBot variant revealed that executing it on a Windows system triggers a fraudulent Adobe installation prompt, which launches the malware regardless of which popup option is clicked. This development comes after Microsoft reported that QBot was involved in a December phishing campaign spoofing the Internal Revenue Service.
Cisco Talos also noted a Qakbot campaign that remained active in October due to the continued operations of the malware's spam delivery infrastructure following the takedown.