Hospitality sector subjected to new malware attacks

Organizations in the hospitality industry have been targeted by a new phishing campaign distributing the QakBot, or QBot, malware months after the botnet was taken down in a law enforcement operation, according to BleepingComputer. Attackers behind the campaign delivered emails spoofing an IRS employee that included a PDF attachment purporting to be a guest list, which when downloaded would prompt an MSI and later deploy the QakBot malware DLL, said the Microsoft Threat Intelligence team on X, formerly Twitter. Such DLL was also created on the day the campaign commenced, noted researchers, who added that the payload's configuration with a novel version indicated persistent malware development. QakBot's reemergence has also been confirmed by Proofpoint security researchers Tommy Madjar and Pim Trouerbach, with Trouerbach noting that the QakBot DLL has been updated to enable string decryption via AES instead of XOR and is likely to be continuously improved to address bugs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.