Evasive QBot Malware Leverages Short-lived Residential IPs for Dynamic Attacks

01-Jun-23

“25% of the command-and-control (C2) servers used by the evasive and tenacious malware known as QBot are only active for one day, according to an investigation of the C2 infrastructure. Additionally, only 50% of the servers are active for longer than a week, showing the utilisation of a flexible and dynamic C2 infrastructure, according to a report published with The Hacker News by Lumen Black Lotus Labs.

Security experts Chris Formosa and Steve Rudd noted that this botnet has adapted techniques to conceal its infrastructure in residential IP space and infected web servers, as opposed to hiding in a network of hosted virtual private servers (VPSs).”
