QakBot Malware Operators Resurface with New Phishing Campaign Despite FBI Takedown

While the researchers at Talos have connected the latest phishing campaign to QakBot affiliates, they have emphasized that these threat actors are now distributing other RATs instead of the QakBot loader itself. Giuseppe Venere from Talos pointed out, “Though we have not seen the threat actors distributing Qakbot post-infrastructure takedown, we assess the malware will likely continue to pose a significant threat moving forward.”

The resilience of QakBot’s operators suggests that the FBI’s operation did not include their arrest, leaving open the possibility that they may choose to rebuild the QakBot infrastructure. QakBot, also known as Qbot or Pinkslipbot, is a malware strain that has been active for over a decade, primarily targeting Windows-based systems. Over the years, it has evolved significantly, expanding its capabilities to include the distribution of ransomware and other malicious activities.