DarkGate and PikaBot: New Malware Threats Emerge from Advanced Phishing Campaign
In the ever-shifting landscape of cyber threats, a new player has emerged with a sophisticated phishing campaign spreading the DarkGate malware. Since its inception in September, this campaign has evolved into a formidable force and now also disseminates PikaBot. This alarming development follows closely on the heels of the last observed QakBot activity, and the campaign mirrors the insidious tactics of the infamous threat actors behind QakBot.
The recent silence of QakBot, following the FBI and Justice Department’s dismantling of its infrastructure in August, has been deafening. Yet, the parallels between QakBot’s methodologies and this new campaign are unmistakable. DarkGate and PikaBot, emerging just after QakBot’s dormancy, bear striking similarities in their deployment strategies, indicating a possible connection to the QakBot affiliates.
These malware variants are not mere digital nuisances; they are advanced, highly evasive threats capable of delivering a spectrum of malicious payloads. DarkGate, first detected in 2018, is a multifaceted threat capable of crypto mining, credential theft, ransomware, and remote access. PikaBot, a newcomer spotted in 2023, serves as a sinister loader for additional malware, avoiding detection with an array of evasion techniques.
This campaign is a testament to the evolving sophistication of cyber threats. The threat actors behind it possess skills that transcend those of average phishers, making it imperative for employees to stay vigilant. As Cofense Intelligence continues to monitor this threat, the echoes of QakBot in this campaign serve as a stark reminder of the ever-present danger in the digital world.