A new Qakbot banking Trojan variant comes with novel persistence technique that improves evasion skills and makes its removal a lot more cumbersome according to researchers from Cisco Talos. The new version adds scheduled tasks to the systems it compromises which will download the malware’s binary spread over multiple archives, recompose it on the compromised system, and relaunch the malware after each system restart to avoid removal. The first requests to the hijacked domains were seen on April 2 right after a number of changes were also made during March 19.
Source: https://www.bleepingcomputer.com/news/security/qakbot-assembles-itself-from-encrypted-halves-to-evade-detection/