Project Hyphae

Rise of Pikabot: The New Cyber Threat in the Post-Qakbot Era


A recent cybersecurity report highlights the emergence of a new malware, Pikabot, associated with Black Basta ransomware attacks. The threat actor, Water Curupira, is using Pikabot in a widespread phishing campaign targeting organizations. Pikabot is considered a potential replacement for the Qakbot Trojan, which was taken down in August 2023 during Operation Duck Hunt. Despite Qakbot’s takedown, which affected around 700,000 infected machines, Pikabot has surfaced with similar functionality.

Pikabot campaigns typically start with phishing emails using thread-jacking, a technique that involves hijacking existing email threads to seem legitimate. These emails contain malicious attachments that, when opened, lead to the downloading and execution of Pikabot. Notably, Pikabot avoids attacking systems using Russian or Ukrainian languages, indicating possible geographic affiliations of the threat actor.

Trend Micro, the cybersecurity firm reporting these findings, advises users to exercise caution with emails, especially from unfamiliar sources. They recommend verifying sender identities and the legitimacy of email content, as well as maintaining updated systems and regular backups to mitigate risks from such threats.

