
New BackConnect (BC) Malware Disclosed by Cybersecurity Researchers

January 23, 2025 | Ravie Lakshmanan | Malware / Threat Intelligence

Cybersecurity researchers have disclosed details of a new BackConnect (BC) malware developed by threat actors linked to the infamous QakBot loader.

“BackConnect is a common feature or module utilized by threat actors to maintain persistence and perform tasks,” Walmart’s Cyber Intelligence team told The Hacker News. “The BackConnect(s) in use were ‘DarkVNC’ alongside the IcedID BackConnect (IcedID malware).”

“Both threat actors operated their own Microsoft Office 365 service tenants as part of their attacks and took advantage of a default Microsoft Teams configuration that permits users on external domains to initiate chats or meetings with internal users,” Sophos said.

With Black Basta operators having previously relied on QakBot for deploying the ransomware, the emergence of a new BC module, coupled with the fact that Black Basta has also distributed ZLoader in recent months, paints a picture of a highly interconnected cybercrime ecosystem where the developers behind QakBot are likely supporting the Black Basta team with new tools, Walmart said.
