<img src="https://ws.zoominfo.com/pixel/cEO5AncHScwpt6EaX0mY" width="1" height="1" style="display: none;">
Skip to main content

Year-End Surge in QakBot Activity

December 05, 2022


In November 2022, three common malware families were the most prevalent detected by Dark Cubed threat researchers:

  1. QakBot - This modular remote access Trojan is the new favorite among ransomware operators looking to purchase "Malware-as-a-Service” from Initial Access Brokers. This month we saw a 400% increase in activity for this malware family compared to the monthly average over the last 12 months. This surge is due to widely targeted campaigns, specifically by threat actors: TA570 and TA577.

    Our threat research team also put together a more detailed analysis of recent QakBot activity: “Black Basta Ransomware Group’s Recent Campaigns and the Year-End Surge in QakBot Activity. You can view that report here.
  2. Redline InfoStealer - This is another malware family widely used by Initial Access Brokers for credential theft and remote access. Recorded Future reported recently that Redline is the top source of stolen credentials for purchase on the Dark Web. Activity related to this malware increased 260% this month.
  3. Racoon Infostealer - Yet another “Malware-as-a-Service” infostealer. A recently unsealed U.S. indictment charged a Ukrainian national for his role in operating the Raccoon botnet. Activity related to this malware increased 130% this month.

    The upward trend in observed activity related to all three “MaaS” malware families reflects the increasing profitability of this new cybercriminal business model.

    Interested to learn how our 100% Automated Threat Detection and Blocking solution could help you to better protect your MSP clients? Contact us to learn more, schedule a demo, or request pricing.