The PikaBot malware has undergone significant changes: its developers have reduced the complexity of the code and reworked its network communications. PikaBot is a malware loader and backdoor that allows attackers to execute commands on and control infected hosts. It has been observed that PikaBot halts its execution if the system’s language is Russian or Ukrainian, indicating that the operators may be based in Russia or Ukraine. PikaBot and another loader called DarkGate have become popular among threat actors for obtaining initial access to target networks through phishing campaigns. The latest version of PikaBot focuses on obfuscation, encryption, and secure traffic communication. Unlike previous versions, however, the developers have stored the bot configuration in plaintext. Despite recent inactivity, PikaBot remains a serious cyber threat that is under constant development.
In addition to the PikaBot developments, Proofpoint has warned of an ongoing cloud account takeover campaign targeting Microsoft Azure environments. This campaign has compromised hundreds of user accounts, including those of senior executives. The attackers use personalized phishing lures with decoy files containing links to malicious phishing web pages. These pages are used for credential harvesting, followed by data exfiltration, internal and external phishing, and financial fraud.
