PikaBot: a new malware that can destroy your company
Kaspersky Lab has detected a global malicious mailing to company employees.
Kaspersky Lab has uncovered a global campaign to spread malware among corporate users, including in Russia. The attackers use a unique technique: they send emails that look like a continuation of real business correspondence with the victims’ partners or colleagues. The emails mention real projects, meetings or audio conferences and contain links to malicious files. If the user follows the link, the PikaBot downloader Trojan is installed on their device.
The attack began in mid-May and peaked between the 15th and 18th. During this period, about 5 thousand such emails were detected. PikaBot is a new malware family that bears similarities to the well-known banking Trojan Qbot. PikaBot can install other malware on infected devices or execute remote commands.
According to the company’s expert, PikaBot checks the system’s language settings and stops the attack if it detects Russian, Belarusian, Tajik, Slovenian, Georgian, Kazakh or Uzbek. This may give the false impression that Russian users are not at risk, but the expert adds that many attacks have already been reported in Russia and the situation could change at any moment. More dangerous malware could be installed instead of PikaBot.
“In recent years, cybercriminals have been increasingly disguising malware and phishing emails as business correspondence — text from real emails helps to make such messages more convincing. Sometimes scammers add the name of the real addresser in the sender field, although an attentive user will notice that the email address from which the letter was sent is different. Often the messages refer to correspondence that ended several years ago,” Kaspersky Lab warns.
To protect against attacks using real corporate messages, Kaspersky Lab advises users to:
- carefully check the sender’s address and do not forward emails to third parties without verification;
- improve digital literacy.
Companies are encouraged to:
- conduct cybersecurity training for employees and teach them to recognize social engineering techniques;
- install a reliable antivirus solution that will automatically block such emails.
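The sender-address check recommended above can also be automated at the mail gateway. The following is an added example, not Kaspersky Lab's code: it flags the three traits the article describes (a familiar sender name on a different address, a link inside a reply, and a quoted thread that is years old). The contact directory, addresses, dates and sample messages are constructed for illustration, and single-part plain-text messages are assumed.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed directory: display name (lowercase) -> address the company really uses.
KNOWN_CONTACTS = {"anna petrova": "anna.petrova@partner.example"}
URL = re.compile(r"https?://\S+", re.I)
# Date/Sent lines that mail clients copy into the quoted part of a reply.
QUOTED_DATE = re.compile(r"^[> ]*(?:Date|Sent):\s*(.+)$", re.M)

def hijack_indicators(raw, known=KNOWN_CONTACTS, stale_days=365):
    """Return the reply-chain hijacking traits found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # assumption: single-part text message
    findings = []
    expected = known.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("sender_name_address_mismatch")
    if msg.get("Subject", "").lower().startswith("re:") and URL.search(body):
        findings.append("link_in_reply")
    for match in QUOTED_DATE.finditer(body):
        try:
            sent = parsedate_to_datetime(msg.get("Date", ""))
            quoted = parsedate_to_datetime(match.group(1).strip())
            if (sent - quoted).days > stale_days:
                findings.append("stale_quoted_thread")
                break
        except (TypeError, ValueError):
            continue  # unparseable or mixed naive/aware dates: skip this line
    return findings

# Constructed sample: known name, look-alike address, link, thread from 2020.
SUSPICIOUS = """\
From: Anna Petrova <anna.petrova@partner-mail.example>
Subject: Re: Q3 audio conference
Date: Mon, 03 Jun 2024 09:30:00 +0000

Please see the updated agenda: https://files.example/agenda
> Date: Tue, 14 Jan 2020 10:12:00 +0000
> Let's meet on Thursday.
"""
# Constructed sample: genuine address, no link, thread from the same week.
LEGITIMATE = """\
From: Anna Petrova <anna.petrova@partner.example>
Subject: Re: Q3 audio conference
Date: Mon, 03 Jun 2024 09:30:00 +0000

Thursday works for me.
> Date: Fri, 31 May 2024 16:00:00 +0000
> Can we meet on Thursday?
"""
```

A single indicator is weak evidence on its own; messages that trigger all three are the ones worth quarantining for review.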