
Qakbot Attacks Increasing due to Evolving Threats

ID: e55fc377-3f8f-599c-a131-de656cac3f0b

STIX ID: report--e55fc377-3f8f-599c-a131-de656cac3f0b

Feed Name: Zscaler Security Research Blog

Threat Score: 75/100

Date Published: 2025-12-30

Date Updated: 2026-05-01


Zscaler ThreatLabz documents an active and evolving Qakbot (QBot) campaign that uses email-delivered attachments (XLSB with XLM 4.0 macros, ZIPs, LNK shortcuts) and multiple download techniques (PowerShell, curl, regsvr32/rundll32) to drop and execute obfuscated Qakbot DLLs; the report provides month-by-month changes in TTPs, multiple payload URLs, C2 IPs, file hashes, and recommended detections to block this credential-stealing threat.
