Subj : Bad news - infamous Qbot malware appears to have returned once ag To : All From : TechnologyDaily Date : Mon Dec 18 2023 16:15:05 Bad news - infamous Qbot malware appears to have returned once again Date: Mon, 18 Dec 2023 15:59:50 +0000 Description: Operation Duck Hunt only stopped Qbot for a few months, and now the malware is back in action FULL STORY ====================================================================== The dreaded QakBot malware is back once again, being distributed among victims in the hospitality industry, experts have warned. A new Microsoft report claims threat actors are sending out phishing emails and impersonating IRS employees using QakBot. In the emails, theyre delivering a PDF file claiming to be a guest list - but the document states that it cannot be viewed in the email clients preview pane, instead requesting to be downloaded first. In fact, the victims who download and run the file are actually downloading an MSI file that launches the malware DLL into memory. Microsoft said the campaign started a week ago, on December 11, adding that the malware was most likely created on the same day. Duck season is back QakBot was first built in 2008, and was originally designed to be a banking trojan. As such, its goal was to steal login credentials to various banking services from its victims. Over time, however, it evolved into a malware dropper, now being used by some of the worlds biggest and most dangerous ransomware operators. Last summer, a team of international law enforcement agents, led by the FBI, managed to dismantle QakBots infrastructure. By infiltrating the threat actors network, the police pushed an update to all infected endpoints that effectively killed the malware. The operation, named Duck Hunt, was hailed as a great success by the FBI. While it did manage to stop QakBot from being distributed and used for a couple of months, it seems that the time for celebration has passed. The new version has a few minor changes, security researchers told BleepingComputer , but added that it also comes with a few "unusual bugs". The bugs, the publication reported, could suggest that the malware is still being actively developed and that new versions might pop up sooner or later. More from TechRadar Pro This malware is evolving to become more dangerous than ever Here's a list of the best firewalls today These are the best endpoint protection services right now ====================================================================== Link to news story: https://www.techradar.com/pro/security/bad-news-infamous-qbot-malware-appears- to-have-returned-once-again --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .