Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

DarkGate and PikaBot Revive QakBot Tactics

November 21, 2023
Reading Time: 6 mins read
in Alerts
DarkGate and PikaBot Revive QakBot Tactics

Recent phishing campaigns have taken a page from the playbook of the defunct QakBot trojan, employing similar tactics in their approach. DarkGate and PikaBot, two malware families, are now being utilized in phishing campaigns, replicating methods that were previously characteristic of QakBot’s operations.

These strategies involve hijacking email threads for initial infections and utilizing URLs with unique patterns that restrict user access, closely mirroring QakBot’s delivery methods. Notably, the malware families involved in these campaigns closely resemble the types that were typically associated with QakBot-affiliated attacks, illustrating a resurgence of older attack methodologies in contemporary cybercrime.

The termination of QakBot, also known as QBot and Pinkslipbot, was a result of the coordinated law enforcement operation termed Operation Duck Hunt, conducted earlier in August. The reemergence of similar attack strategies using DarkGate and PikaBot doesn’t come as a surprise, given that both can serve as conduits to deliver additional payloads to compromised systems, making them an appealing choice for cybercriminals seeking to maximize the impact of their attacks.

Zscaler’s analysis of PikaBot in May 2023 had previously underscored its similarities to QakBot, emphasizing resemblances in distribution methods, campaigns, and malware behaviors.

These phishing campaigns, detailed in a Cofense report, exhibit a wide-reaching impact, targeting various sectors. The attack chains begin with booby-trapped URLs, concealed within hijacked email threads, that direct victims to ZIP archives containing JavaScript droppers. These JavaScript droppers subsequently access a second URL to download and execute either DarkGate or PikaBot malware.

Additionally, a variant of these attacks has been observed deploying Excel add-in (XLL) files instead of JavaScript droppers to deliver the final malicious payloads. Such infections could potentially lead to the deployment of advanced crypto mining tools, reconnaissance software, ransomware, or other malicious files, underscoring the severity and versatility of these phishing attacks leveraging DarkGate and PikaBot.

 

Reference:
  • Are DarkGate and PikaBot the new QakBot?
Tags: Banking TrojanCyber AlertCyber Alerts 2023Cyber AttacksCybersecurityDarkgateMalwareNovember 2023PhishingPikaBotQakbotTrojans
ADVERTISEMENT

Related Posts

DHS Data Hub Leaked Sensitive Intel

ChatGPT Calendar Flaw Lets Email Theft

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Windows Update Breaks SMBv1 Shares

September 17, 2025
DHS Data Hub Leaked Sensitive Intel

Scattered Spider Returns Despite Exit

September 17, 2025
LangChainGo Bug Exposes Sensitive Files

VoidProxy Targets Microsoft And Google

September 16, 2025
LangChainGo Bug Exposes Sensitive Files

WhiteCobra Drops Malicious VSCode Apps

September 16, 2025
LangChainGo Bug Exposes Sensitive Files

LangChainGo Bug Exposes Sensitive Files

September 16, 2025

Latest Alerts

ChatGPT Calendar Flaw Lets Email Theft

Windows Update Breaks SMBv1 Shares

Scattered Spider Returns Despite Exit

WhiteCobra Drops Malicious VSCode Apps

VoidProxy Targets Microsoft And Google

LangChainGo Bug Exposes Sensitive Files

Subscribe to our newsletter

    Latest Incidents

    DHS Data Hub Leaked Sensitive Intel

    Worm Infects 180 npm Packages

    Jaguar Land Rover Delays Restart After Cyberattack

    Hackers Hit Gucci And Balenciaga Data

    Fake Account Found In Google Portal

    Insider Breach Hits FinWise Bank Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial