Two malwares bring QakBot’s spread strategies back to life


The feared QakBot malware, whose infrastructure was dismantled by an international law-enforcement operation, now seems to belong to the history of cybersecurity.

The techniques this malicious agent introduced, however, set a precedent and still shape today's malware campaigns. This is what emerges from a report by Cofense, which found that two malware families, DarkGate and PikaBot, are following tactics previously used by the now-defunct trojan.

According to the researchers, the similarities are several: email messages used as the main infection vector, malicious URLs that resemble those used by QakBot, and other smaller details. More generally, as Zscaler also found, the distribution methods, campaigns and behaviours that QakBot shares with its "heirs" are the point of comparison.

Like their illustrious predecessor, both DarkGate and PikaBot can act as loaders on compromised hosts, making them invaluable to cybercriminals.

DarkGate and PikaBot "resurrect" QakBot

The research carried out by Cofense reveals high-volume phishing campaigns targeting a range of sectors. The attack chains distribute malicious URLs, which redirect victims to ZIP archives containing JavaScript droppers. The dropper, in turn, directs the user to a second URL, from which DarkGate or PikaBot, depending on the campaign, is downloaded and executed.

The researchers have also highlighted a further variant, which may use Excel files instead of the aforementioned JavaScript dropper. Cofense's analysis points out how these malware families can be used for cryptocurrency mining or in other contexts, from cyber espionage to the dreaded ransomware attacks.
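The chain described above gives a defender two concrete things to look for at the mail gateway or in sandbox triage: a ZIP archive whose payload is a Windows script file (often wearing a decoy document extension) and the Excel-file variant. The following is an added example, not code from the article or from Cofense: a small Python triage routine that opens an archive in memory and reports script droppers, decoy double extensions, Excel documents and the same findings inside nested archives. The sample archive it builds is constructed here for illustration, with inert placeholder contents; the extension lists are ordinary Windows Script Host and Excel extensions and are an assumption about what such a rule should cover, not taken from the report.

```python
from __future__ import annotations

import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows runs on double-click; the article describes JavaScript
# droppers delivered in ZIP archives, the other WSH extensions are assumed here.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Excel formats for the Excel-file variant; the exact formats are an assumption.
EXCEL_EXTENSIONS = {".xls", ".xlsm", ".xlam", ".xlsb"}
# Document-like extensions commonly used as a decoy in front of a script extension.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".jpg", ".png"}


def triage_zip(data: bytes, max_depth: int = 2) -> list[tuple[str, str]]:
    """Return (member name, reason) pairs for suspicious members of a ZIP archive.

    Nested ZIPs are inspected recursively up to max_depth levels so that a
    dropper wrapped in a second archive is still reported.
    """
    findings: list[tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            suffixes = [s.lower() for s in PurePosixPath(info.filename).suffixes]
            last = suffixes[-1] if suffixes else ""
            if last in SCRIPT_EXTENSIONS:
                findings.append((info.filename, "script-dropper"))
                # "Invoice.pdf.js" style names: a decoy document extension in front
                # of the script extension that actually decides how the file runs.
                if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
                    findings.append((info.filename, "double-extension"))
            elif last in EXCEL_EXTENSIONS:
                findings.append((info.filename, "excel-document"))
            elif last == ".zip" and max_depth > 0:
                for name, reason in triage_zip(zf.read(info), max_depth - 1):
                    findings.append((f"{info.filename}/{name}", reason))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive modelled on the chain described in the article.

    All member contents are inert placeholders, not real droppers.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2023.pdf.js", "// placeholder, not a real dropper\n")
        zf.writestr("Quotation.xlsm", "placeholder bytes")
        zf.writestr("readme.txt", "plain text, should not be flagged")
        inner = io.BytesIO()
        with zipfile.ZipFile(inner, "w") as izf:
            izf.writestr("Delivery.wsf", "<!-- placeholder -->")
        zf.writestr("attachments.zip", inner.getvalue())
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in triage_zip(build_sample_archive()):
        print(f"{reason:17} {member}")
```

Run stand-alone, the script flags the decoy-named JavaScript file twice (once as a script dropper, once for the double extension), the Excel workbook, and the script inside the nested archive, while the plain text file produces nothing. In practice the same check would be applied to attachments or to archives fetched by a sandbox from the redirect URLs the article describes, before anything inside them is opened.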

As with any other malicious agent, users are advised to use extreme caution when downloading a file from a suspicious email or website. A good antivirus can also help make browsing the web a calmer experience.
