Unmasking Phishing Techniques: The Return of QakBot through DarkGate and PikaBot Malware

Unmasking Phishing Techniques: The Return of QakBot through DarkGate and PikaBot Malware

Phishing Campaigns Pump Out Malware: DarkGate and PikaBot Tail QakBot’s Path

Main points:

– Phishing campaigns now deliver malware families like DarkGate and PikaBot.
– These campaigns utilize tactics observed in attacks that used the now-extinct QakBot trojan.
– Initial infection happens through hijacked email threads.
– Unique URLs restricting user access are in place.
– Near-identical infection chain to QakBot’s delivery system.
– All these findings are according to a report by Cofense.

Phishing Campaigns Drop Malware Bombs: DarkGate and PikaBot

There’s a fresh-out-of-the-fryer scandal brewing in cyber world: phishing campaigns are baking a new kind of cookie. This time, they’re netting victims by serving Malware pies akin to the DarkGate and PikaBot families. It’s like finding out your friendly neighborhood baker’s secret crust recipe was copied from your arch-nemesis—only this batch has a dash of malicious code and a sprinkle of identity theft.

The Chef Behind The Counter: The Ghost of QakBot

Who’s the master chef inspiring this deceptive delicacy? Look no further than the defunct QakBot trojan. Even in the baking afterlife, QakBot’s legacy continues to haunt the cyber world with its tested and tempting tactics. It’s like baking with a ghost chef—you don’t see him but you know his stylistic flour fingerprints are all over the place.

The Sneaky Recipe: Hijacked Email Threads

The dough that achieves this deceit? Hijacked email threads are the starting point for this infection. It’s a little like finding your secret sourdough starter injected with expired yeast—it looks fine until it starts wreaking havoc on your digestive system (or in this case, your digital world).

Chain of Infection: As Familiar as Grandma’s Apple Pie

According to Cofense, the chain of infection is almost identical to the one QakBot used. By using unique URLs that limit user access, the phishing campaigns have really baked in the deceit. It’s akin to your grandma’s famous apple pie recipe, there’s something eerily familiar about it… you just can’t put your finger on it. Or you did, and now it’s been digitized and is in the hands of hackers.

Article Summary

In short, phishing campaigns dropping vile fillings of DarkGate and PikaBot malware have been carefully crafted using recipes formerly used by the discontinued QakBot Trojan. This procedure involves using hijacked email threads as the starter, topped off with unique URL patterns to limit user access. The infection chain in use is strikingly similar to the one by QakBot, according to a report by Cofense. It’s as if an old enemy reappeared… but instead of knocking at your door, it sent a phishing email with a Trojan pie as an attachment.

Original Article: https://thehackernews.com/2023/11/darkgate-and-pikabot-malware-resurrect.html


0

Your Cart Is Empty

No products in the cart.