A recent cybersecurity report highlights the emergence of a new piece of malware, Pikabot, associated with Black Basta ransomware attacks. The threat actor, Water Curupira, is using Pikabot in a widespread phishing campaign targeting organizations. Pikabot is considered a potential replacement for the Qakbot Trojan, which was taken down in August 2023 during Operation Duck Hunt. Despite Qakbot’s takedown, which affected around 700,000 infected machines, Pikabot has surfaced with similar functionality.
Pikabot campaigns typically start with phishing emails that use thread-jacking, a technique in which attackers hijack existing email threads so that their messages seem legitimate. These emails contain malicious attachments that, when opened, lead to the download and execution of Pikabot. Notably, Pikabot avoids attacking systems that use the Russian or Ukrainian language, indicating possible geographic affiliations of the threat actor.
Trend Micro, the cybersecurity firm reporting these findings, advises users to exercise caution with emails, especially from unfamiliar sources. They recommend verifying sender identities and the legitimacy of email content, as well as maintaining updated systems and regular backups to mitigate risks from such threats.