New BackConnect Malware Linked to QakBot Identified
New BackConnect malware linked to QakBot poses heightened cybersecurity risks. Researchers have identified a new BackConnect (BC) malware developed by threat actors associated with the notorious QakBot loader. QakBot began as a banking trojan and has since been adapted to deliver various payloads, including ransomware. Walmart's Cyber Intelligence team reported that this BC module, which uses DarkVNC and IcedID, allows attackers to maintain persistence and gain remote access to infected systems. The malware's infrastructure overlaps with that of ZLoader, indicating a complex cybercrime ecosystem. Sophos has also linked this activity to the threat clusters STAC5777 and STAC5143, which employ tactics such as email bombing and Microsoft Teams vishing to exploit vulnerabilities and install backdoors. This development underscores the evolving nature of cyber threats and the interconnectedness of criminal groups.
