© 2025 NEWSLINKER - Powered by LK SOFTWARE
Cybersecurity

Resilient QakBot Malware Resurfaces with Stealthier Persistence Technique

Highlights

  • QakBot evades takedown, infects systems anew.

  • Phishing campaigns employ tax season themes.

  • Windows restore points used for malware persistence.

Samantha Reed
Last updated: 8 April, 2024 - 12:10 pm

Cybersecurity experts have witnessed the tenacious resurgence of the QakBot malware, known for its sophisticated mechanisms to evade detection and removal. Despite a concerted law enforcement operation dubbed ‘Operation Duck Hunt’ that took down the QakBot botnet’s servers, the malware has reemerged. By adapting its methods, QakBot now leverages a modified DLL to exploit the srtasks.exe process, a legitimate Windows feature, to maintain its foothold within infected systems even after machine restarts. Additionally, its spread continues unabated through phishing campaigns leveraging tax-themed lures, suggesting that QakBot’s operators are rapidly evolving their strategies to maintain the threat’s efficacy.

Contents

  • Cybercriminals Adapt Tactics
  • Phishing Lures Entice Unwary Users
  • Unveiling Stealthier Infection Methods
  • Useful Information for the Reader

Cybercriminals Adapt Tactics

The resiliency of QakBot is on full display as it sidesteps cybersecurity barriers through a combination of innovative persistence mechanisms and social engineering. The malware now obscures its presence by using the system’s restore points, renaming them deceptively to resemble benign ‘Adobe Installation’ processes. This ingenuity ensures that QakBot remains operational even when traditional cleanup methods are applied, as it reinstates itself from the compromised restore points.

Phishing Lures Entice Unwary Users

Moreover, QakBot’s distribution channels remain alarmingly effective. Phishing emails, often masquerading as communications from the IRS, play on timely taxpayer anxieties to entice victims within the hospitality sector. The malware’s deployment via infected attachments or deceptive links illustrates a continuous reliance on user interaction for propagation.

Unveiling Stealthier Infection Methods

The malware’s technical sophistication is also evident in its deployment methods. By creating temporary files to trigger srtasks.exe with obfuscated commands, QakBot clandestinely modifies system restore points, deterring both detection and remediation efforts. This development, still exhibiting bugs, hints at ongoing refinement by its developers in pursuit of a more formidable malware iteration. Moreover, secondary processes such as msiexec.exe are manipulated to further cloak the malware’s activities.

Research into adjacent topics reveals additional insights into the evolving threat landscape. An article titled “Qakbot Strikes Back: Understanding the Threat” by BinaryDefense delves into QakBot’s role as a gateway for additional cyber threats, highlighting its potential in reconnaissance and the delivery of secondary payloads. Another article, “Meeting the New Qakbot DLL That Abuses Windows Process For Persistence” from Cyber Security News, elaborates on the malware’s sophisticated use of the Windows environment to ensure its continued operation.

Useful Information for the Reader

  • QakBot leverages legitimate Windows processes for malicious persistence.
  • Users should be cautious of tax-themed phishing emails during tax season.
  • System restore points can be compromised and used for malware reinstatement.

In conclusion, QakBot’s resurgence underlines the importance of advanced cybersecurity measures that go beyond conventional detection and removal techniques. Organizations must remain vigilant, particularly by scrutinizing system restore points and being wary of unsolicited tax-related emails. Users and IT professionals alike should note the malware’s new capabilities to adapt their defense strategies accordingly. The identification of malware-infested restore points named ‘Adobe Installation’ and processes associated with msiexec.exe could serve as critical indicators of a QakBot infection and should be investigated promptly.
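
One way to triage the indicators named above, added here as an example and not taken from the article or the research it cites: pair restore points described as ‘Adobe Installation’ with srtasks.exe or msiexec.exe launches that involve a temp path and occur close in time. The record field names, the temp-path markers, the ten-minute window and the sample records are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
import ntpath

# Indicators named in the article.
LURE_DESCRIPTION = "adobe installation"
WATCHED = {"srtasks.exe", "msiexec.exe"}
# Assumption, not from the article: temp locations worth flagging.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

def suspicious_launches(events):
    """Launches of watched binaries whose parent or command line touches a temp path."""
    hits = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() not in WATCHED:
            continue
        haystack = (ev["parent_image"] + " " + ev["command_line"]).lower()
        if any(marker in haystack for marker in TEMP_MARKERS):
            hits.append(ev)
    return hits

def correlate(restore_points, events, window=timedelta(minutes=10)):
    """Pair lure-named restore points with suspicious launches close in time."""
    launches = suspicious_launches(events)
    leads = []
    for rp in restore_points:
        if LURE_DESCRIPTION not in rp["description"].lower():
            continue
        near = [ev for ev in launches if abs(ev["time"] - rp["created"]) <= window]
        leads.append({"restore_point": rp, "launches": near, "priority": "high" if near else "review"})
    return leads

# Constructed sample records (not real telemetry); "<args>" is a placeholder.
T = datetime(2024, 4, 2, 9, 0)
RESTORE_POINTS = [
    {"seq": 41, "description": "Windows Update", "created": T - timedelta(days=3)},
    {"seq": 42, "description": "Adobe Installation", "created": T + timedelta(minutes=2)},
]
EVENTS = [
    {"time": T, "image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"msiexec.exe /i C:\Users\kim\AppData\Local\Temp\doc.msi /qn"},
    {"time": T + timedelta(minutes=1), "image": r"C:\Windows\System32\srtasks.exe",
     "parent_image": r"C:\Users\kim\AppData\Local\Temp\tmp1.exe", "command_line": "srtasks.exe <args>"},
    {"time": T - timedelta(days=3), "image": r"C:\Windows\System32\srtasks.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe", "command_line": "srtasks.exe <args>"},
]

if __name__ == "__main__":
    print([(l["priority"], l["restore_point"]["seq"]) for l in correlate(RESTORE_POINTS, EVENTS)])
```

A match is a lead for review, not a verdict: legitimate installers also run msiexec.exe against packages in temp directories.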
