DarkGate and Pikabot malware emerge as Qakbot’s successors

Trending 2 weeks ago
  1. Home
  2. Technology
  3. DarkGate and Pikabot malware emerge as Qakbot’s successors

Hacker ecology a botnet

A adult phishing attack blame the DarkGate malware infections has afresh added the PikaBot malware into the mix, authoritative it the best beat phishing attack back the Qakbot operation was dismantled.

The awful email attack started in September 2023, afterwards the FBI seized and took bottomward QBot's (Qakbot) infrastructure.

In a new address by Cofense, advisers explain that the DarkGate and Pikabot campaigns use approach and techniques agnate to antecedent Qakbot campaigns, advertence that the Qbot blackmail actors accept now confused on to the newer malware botnets.

"This attack is assuredly a high-level blackmail due to the tactics, techniques, and procedures (TTPs) that accredit the phishing emails to ability advised targets as able-bodied as the beat capabilities of the malware actuality delivered." - Cofense.

As Qbot was one of the best common malware botnets broadcast through email, and both DarkGate and Pikabot are modular malware loaders with abounding of the aforementioned appearance as Qbot, this poses a acute accident to the enterprise.

Like Qbot, the the new malware loaders will be acclimated by blackmail actors to accretion antecedent acceptance to networks and acceptable to accomplish ransomware, espionage, and abstracts annexation attacks.

The acceleration of DarkGate and PikaBot campaignsThe acceleration of DarkGate and PikaBot campaigns
Source: Cofense

The DarkGate and Pikabot campaign

Over the accomplished Summer, there has been a massive access in awful emails blame the DarkGate malware, with the blackmail actors switching to installing Pikabot as the primary burden in October 2023.

The phishing advance begins with an email that is a acknowledgment or advanced of a baseborn altercation thread, which increases the likelihood of the recipients alleviative the advice with trust.

Phishing email acclimated in the campaignPhishing email acclimated in the campaign (Cofense)

Users beat on the anchored URL go through a alternation of checks that verify they are accurate targets and again prompt the ambition to download a ZIP annal absolute a malware dropper that fetches the final burden from a alien resource.

Cofense letters that the attackers experimented with assorted antecedent malware droppers to actuate which works the best, including:

  • JavaScript dropper for downloading and active PEs or DLLs.
  • Excel-DNA loader based on an open-source activity acclimated for creating XLL files, exploited actuality for downloading and active malware.
  • VBS (Virtual Basic Script) downloaders that can assassinate malware through .vbs files in Microsoft Office abstracts or adjure command-line executables.
  • LNK downloaders that bribery Microsoft adjustment files (.lnk) to download and assassinate malware.

The final burden acclimated in these attacks was the DarkGate malware through September 2023, which was replaced by PikaBot in October 2023.

DarkGate and PikaBot

DarkGate was aboriginal accurate in 2017, but it alone became accessible to the broader cybercrime association this accomplished summer, consistent in a spike in its distribution through phishing and malvertising.

It is an beat modular malware that supports a array of awful behaviors, including hVNC for alien access, cryptocurrency mining, about-face shell, keylogging, clipboard stealing, and advice burglary (files, browser data).

PikaBot is a newer malware aboriginal apparent in early 2023 that consists of a loader and a amount module, accumulation all-encompassing anti-debugging, anti-VM, and anti-emulation mechanisms.

The malware profiles adulterated systems and sends the abstracts to its command and ascendancy (C2) infrastructure, apprehension added instructions.

The C2 sends commands instructing the malware to download and assassinate modules in the anatomy of DLL or PE files, shellcode, or command-line commands, so it is a able tool.

Cofense warns that the PikaBot and DarkGate campaigns are run by abreast blackmail actors whose abilities are aloft those of accustomed phishers, so organizations charge accustom themselves with the TTPs for this campaign.

Related Article

Russian pleads guilty to running crypto-exchange used by ransomware gangs

Russian pleads guilty to running crypto-exchange used by ransomware gangs

3 hours ago
UK and allies expose Russian FSB hacking group, sanction members

UK and allies expose Russian FSB hacking group, sanction members

4 hours ago
Meta rolls out default end-to-end encryption on Messenger, Facebook

Meta rolls out default end-to-end encryption on Messenger, Facebook

6 hours ago
Krasue RAT malware hides on Linux servers using embedded rootkits

Krasue RAT malware hides on Linux servers using embedded rootkits

14 hours ago
New SLAM attack steals sensitive data from AMD, future Intel CPUs

New SLAM attack steals sensitive data from AMD, future Intel CPUs

19 hours ago
US senator: Govts spy on Apple, Google users via mobile notifications

US senator: Govts spy on Apple, Google users via mobile notifications

1 day ago

Trending

1. Warriors
2. Jon Rahm
3. Hanukkah
4. Hanukkah 2023
5. LEGO Fortnite
6. Craig Kimbrel
7. Pearl Harbor Day
8. Game Awards 2023
9. Vivek Ramaswamy
10. Post-traumatic amnesia

Popular Article

Where to watch It’s a Wonderful Life

Where to watch It’s a Wonderful Life

19 hours ago
Australia building 'top secret' cloud to catch up and link with US, UK intel orgs

Australia building 'top secret' cloud to catch up and link with US, UK intel orgs

16 hours ago
Dell XPS 15 is still at its Black Friday and Cyber Monday price

Dell XPS 15 is still at its Black Friday and Cyber Monday price

10 hours ago
The best HDR monitors for gaming, content creation, and more

The best HDR monitors for gaming, content creation, and more

23 hours ago
Belgian man charged with smuggling sanctioned military tech to Russia and China

Belgian man charged with smuggling sanctioned military tech to Russia and China

13 hours ago
New SLAM attack steals sensitive data from AMD, future Intel CPUs

New SLAM attack steals sensitive data from AMD, future Intel CPUs

19 hours ago
English (US) English (US) · Indonesian (ID) Indonesian (ID) ·
About Us · Contact Us · Terms & Conditions · Disclaimer ·

©2023 PAK MEDIA BLOG.
All Rights Reserved.