Qbot malware returns after this summer’s law enforcement disruption

The QakBot malware, which was disrupted by a multinational law enforcement operation in August, is once again being distributed in phishing campaigns. After months of inactivity, a phishing service started a new campaign sent from an alleged IRS employee to the hospitality industry. Once initial recipients downloaded a PDF file, a custom Window DLL executed the QakBot malware. Experts noted some changes in the malware, including the use of AES for string decryption.