"Water Curupira Hackers Actively Distributing PikaBot Loader Malware"
In 2023, a threat actor known as Water Curupira was observed actively distributing the PikaBot loader malware through spam campaigns. According to Trend Micro researchers, PikaBot's operators conducted phishing campaigns that targeted victims with the malware's two components, a loader and a core module, which enabled unauthorized remote access and the execution of arbitrary commands via an established connection with their command-and-control (C2) server. The activity began in the first quarter of 2023 and continued until the end of June before resuming in September. It also overlaps with previous campaigns that used similar tactics to deliver QakBot. The increase in the number of PikaBot-related phishing campaigns is suspected to be a result of QakBot's takedown in August, with DarkGate becoming another replacement. This article continues to discuss the distribution of the PikaBot loader malware by Water Curupira.
THN reports "Water Curupira Hackers Actively Distributing PikaBot Loader Malware"
Submitted by grigby1