Malware News Pikabot Malware Surfaces as Qakbot Replacement for Black Basta Attacks


Level 85
Thread author
Honorary Member
Top Poster
Content Creator
Malware Hunter
Aug 17, 2014
A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious activity.

Tracked as Water Curupira by Trend Micro, the actor is best known for conducting dangerous campaigns to drop backdoors such as Cobalt Strike that ultimately lead to Black Basta ransomware attacks, researchers said in a post published Jan. 9.
Water Curupira's Pikabot campaigns begin with phishing emails that employ thread-jacking, a technique that uses existing email threads — possibly stolen from previous victims — to create emails that look like they are part of a previous conversation. This increases the likelihood that a victim will think the email is legitimate and engage with the threat actor.

The campaign sends emails using addresses that are created either through new domains or free email services that use names that can be found in original hijacked email threads. The message includes most of the content of the original thread, including the email subject, but also adds a short message on top directing the recipient to open a malicious email attachment.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.