Infection chains associated with the multi-purpose Qakbot malware have been broken down into “distinct building blocks,” an effort that Microsoft said will help to proactively detect and block the threat in an effective manner.

The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a “customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize it.”

Qakbot is believed to be the creation of a financially motivated cybercriminal threat group known as Gold Lagoon. It is a prevalent information-stealing malware that, in recent years, has become a precursor to many critical and widespread ransomware attacks, offering a malware installation-as-a-service that enables many campaigns.

First discovered in 2007, the modular malware — like TrickBot — has evolved from its early roots as a banking trojan into a Swiss Army knife capable of data exfiltration and of acting as a delivery mechanism for second-stage payloads, including ransomware. Also notable is its tactic of hijacking victims' legitimate email threads from Outlook clients via an Email Collector component and using those threads as phishing lures to infect other machines.