Bad news - infamous Qbot malware appears to have returned once again

Operation Duck Hunt only stopped Qbot for a few months

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The dreaded QakBotmalwareis back once again, being distributed among victims in the hospitality industry, experts have warned.

A newMicrosoftreportclaims threat actors are sending out phishing emails and impersonating IRS employees using QakBot. In the emails, they’re delivering a PDF file claiming to be a guest list - but the document states that it cannot be viewed in the email client’s preview pane, instead requesting to be downloaded first.

In fact, the victims who download and run the file are actually downloading anMSIfile that launches the malware DLL into memory. Microsoft said the campaign started a week ago, on December 11, adding that the malware was most likely created on the same day.

Duck season is back

QakBot was first built in 2008, and was originally designed to be a banking trojan. As such, its goal was to steal login credentials to various banking services from its victims. Over time, however, it evolved into a malware dropper, now being used by some of the world’s biggest and most dangerousransomwareoperators.

Last summer, a team of international law enforcement agents, led by the FBI, managed to dismantle QakBot’s infrastructure. By infiltrating the threat actor’s network, the police pushed an update to all infected endpoints that effectively killed the malware. The operation, named Duck Hunt, was hailed as a great success by the FBI.

While it did manage to stop QakBot from being distributed and used for a couple of months, it seems that the time for celebration has passed. The new version has a few minor changes, security researchers toldBleepingComputer, but added that it also comes with a few “unusual bugs”. The bugs, the publication reported, could suggest that the malware is still being actively developed and that new versions might pop up sooner or later.

More from TechRadar Pro

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new malware utilizes a rare programming language to evade traditional detection methods

A new form of macOS malware is being used by devious North Korean hackers

I fell in love with the cute and compact Hyundai Inster, but it has one major drawback