New Phishing Attack Hijacks Email Thread to Inject Malicious URL

Researchers discovered a new campaign delivering DarkGate and PikaBot that employs strategies similar to those employed in QakBot phishing attempts.

This operation sends out a large number of emails to a variety of industries, and because the malware transmitted has loader capabilities, recipients may be vulnerable to more complex threats such as reconnaissance malware and ransomware.

“These include hijacked email threads as the initial infection, URLs with unique patterns that limit user access, and an infection chain nearly identical to what we have seen with QakBot delivery,” Cofense Intelligence stated in a report shared with Cyber Security News.

Infection Chain

The tactics, techniques, and procedures (TTPs) used in this campaign make it a high-level threat because they allow phishing emails to reach their targeted targets, and the malware they distribute has sophisticated capabilities.

A hijacked email thread is used at the start of the campaign to trick customers into visiting ...