The Qakbot banking trojan, a.k.a. Qbot, has developed new obfuscation techniques that make it harder to detect and remove.
Cisco Talos researchers spotted a change in the infection chain of the trojan that may allow the download of the malware to go undetected since it is obfuscated when downloaded and saved in two separate files, according to a May 2 blog post.
The files are then decrypted and reassembled using the type command. Detection that focuses on observing the full transfer of the malicious executable would likely miss the updated version of the malware.
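As an added example (not code from the Talos post or this article), the sketch below keys detection on the reassembly step instead of the transfer: it flags process command lines in which `type` joins two or more files into one output. The command-line shapes, file names and sample events are constructed assumptions, and the two-step append form it also covers goes beyond what the article describes.

```python
import re
from collections import defaultdict

# Constructed process-creation command lines (assumed shapes, not from the report).
SAMPLE_EVENTS = [
    r'cmd.exe /c type C:\Temp\part1.tmp C:\Temp\part2.tmp > C:\Temp\out.bin',
    r'cmd.exe /c type C:\Temp\p1.tmp > C:\Temp\o.bin & type C:\Temp\p2.tmp >> C:\Temp\o.bin',
    r'cmd.exe /c type C:\logs\app.log',
    r'cmd.exe /c type notes.txt > copy.txt',
    r'cmd.exe /c echo type a b > c',
]

# Leading shell wrapper such as "cmd.exe /c" or "C:\Windows\System32\cmd.exe /q /c".
WRAPPER = re.compile(r'^\s*(?:\S*\\)?cmd(?:\.exe)?\s+(?:/\w+\s+)*', re.I)
# "type <sources> > <output>" (or ">>"), anchored at the start of a command segment.
TYPE_REDIRECT = re.compile(
    r'^\s*"?\s*type\s+(?P<src>[^>]+?)\s*>{1,2}\s*(?P<out>"[^"]+"|\S+)', re.I)
TOKEN = re.compile(r'"[^"]+"|\S+')


def reassembly_targets(command_line):
    """Return {output: [sources]} for outputs that `type` builds from 2+ files."""
    body = WRAPPER.sub('', command_line, count=1)
    built = defaultdict(list)
    # Split chained commands so "type a > o & type b >> o" is seen as one build.
    for segment in re.split(r'&&?|\|\|?', body):
        m = TYPE_REDIRECT.match(segment)
        if m:
            out = m.group('out').strip('"').lower()
            built[out] += [t.strip('"').lower() for t in TOKEN.findall(m.group('src'))]
    return {out: srcs for out, srcs in built.items() if len(set(srcs)) >= 2}


def scan(events):
    """Return (command_line, targets) for every event that reassembles a file."""
    hits = []
    for line in events:
        targets = reassembly_targets(line)
        if targets:
            hits.append((line, targets))
    return hits


if __name__ == "__main__":
    for line, targets in scan(SAMPLE_EVENTS):
        for out, srcs in targets.items():
            print(f"ALERT {out} <- {srcs} :: {line}")
```

A single-file `type` redirect and a plain `type` to the console are left alone, so ordinary copy and log-viewing usage does not alert.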
Researchers said they first observed a spike in requests to the hijacked domains on April 2, 2019, which coincided with DNS changes made to the same domains on March 19, 2019.
Earlier this year, a new polymorphic variant of the malware spread, targeting U.S. corporations and compromising thousands of victims around the world.