Malware News Pikabot Malware Surfaces as Qakbot Replacement for Black Basta Attacks

[silversurfer]

Content source

https://www.darkreading.com/cyberattacks-data-breaches/pikabot-malware-qakbot-replacement-black-basta-attacks

A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious activity.

Tracked as Water Curupira by Trend Micro, the actor is best known for conducting dangerous campaigns to drop backdoors such as Cobalt Strike that ultimately lead to Black Basta ransomware attacks, researchers said in a post published Jan. 9.

Water Curupira's Pikabot campaigns begin with phishing emails that employ thread-jacking, a technique that uses existing email threads — possibly stolen from previous victims — to create emails that look like they are part of a previous conversation. This increases the likelihood that a victim will think the email is legitimate and engage with the threat actor.

The campaign sends emails using addresses that are created either through new domains or free email services that use names that can be found in original hijacked email threads. The message includes most of the content of the original thread, including the email subject, but also adds a short message on top directing the recipient to open a malicious email attachment.