Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DarkGate and PikaBot Revive QakBot Tactics

November 21, 2023
Reading Time: 6 mins read
in Alerts
DarkGate and PikaBot Revive QakBot Tactics

Recent phishing campaigns have taken a page from the playbook of the defunct QakBot trojan, employing similar tactics in their approach. DarkGate and PikaBot, two malware families, are now being utilized in phishing campaigns, replicating methods that were previously characteristic of QakBot’s operations.

These strategies involve hijacking email threads for initial infections and utilizing URLs with unique patterns that restrict user access, closely mirroring QakBot’s delivery methods. Notably, the malware families involved in these campaigns closely resemble the types that were typically associated with QakBot-affiliated attacks, illustrating a resurgence of older attack methodologies in contemporary cybercrime.

The termination of QakBot, also known as QBot and Pinkslipbot, was a result of the coordinated law enforcement operation termed Operation Duck Hunt, conducted earlier in August. The reemergence of similar attack strategies using DarkGate and PikaBot doesn’t come as a surprise, given that both can serve as conduits to deliver additional payloads to compromised systems, making them an appealing choice for cybercriminals seeking to maximize the impact of their attacks.

Zscaler’s analysis of PikaBot in May 2023 had previously underscored its similarities to QakBot, emphasizing resemblances in distribution methods, campaigns, and malware behaviors.

These phishing campaigns, detailed in a Cofense report, exhibit a wide-reaching impact, targeting various sectors. The attack chains begin with booby-trapped URLs, concealed within hijacked email threads, that direct victims to ZIP archives containing JavaScript droppers. These JavaScript droppers subsequently access a second URL to download and execute either DarkGate or PikaBot malware.

Additionally, a variant of these attacks has been observed deploying Excel add-in (XLL) files instead of JavaScript droppers to deliver the final malicious payloads. Such infections could potentially lead to the deployment of advanced crypto mining tools, reconnaissance software, ransomware, or other malicious files, underscoring the severity and versatility of these phishing attacks leveraging DarkGate and PikaBot.

 

Reference:
  • Are DarkGate and PikaBot the new QakBot?
Tags: Banking TrojanCyber AlertCyber Alerts 2023Cyber AttacksCybersecurityDarkgateMalwareNovember 2023PhishingPikaBotQakbotTrojans
ADVERTISEMENT

Related Posts

Fake Firms Push Malware on Crypto Users

Fake Sites Push Investment Scams

July 11, 2025
Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

July 11, 2025
Fake Firms Push Malware on Crypto Users

Fake Firms Push Malware on Crypto Users

July 11, 2025
Hackers Revive SEO Poisoning

Hackers Revive SEO Poisoning

July 10, 2025
Hackers Revive SEO Poisoning

RondoDox Botnet Exploits Router Flaws

July 10, 2025
Hackers Revive SEO Poisoning

ServiceNow Data Exposure via ACLs

July 10, 2025

Latest Alerts

Fake Sites Push Investment Scams

Fake Firms Push Malware on Crypto Users

Severe WordPress Flaw 200K Sites at Risk

RondoDox Botnet Exploits Router Flaws

ServiceNow Data Exposure via ACLs

Hackers Revive SEO Poisoning

Subscribe to our newsletter

    Latest Incidents

    Microsoft’s Outlook Long Outage

    Avantic Lab Affected By Ransomware

    $40M+ Stolen from GMX Crypto Platform

    Bitcoin Depot Breach Exposes Data

    McDonald’s AI Hiring Bot Exposes Data

    Nippon Steel Solutions Data Breach

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial