Distinctive Campaign Evolution of Pikabot Malware

Authored by Anuradha and Preksha

PikaBot is a malicious backdoor that has been active since early 2023. Its modular design is comprised of a loader and a core component. The core module performs malicious operations, allowing for the execution of commands and the injection of payloads from a command-and-control server. The malware employs a code injector to decrypt and inject the core module into a legitimate process. Notably, PikaBot employs distribution methods, campaigns, and behavior reminiscent of Qakbot.

backdoor campaign command control design injection introduction loader malicious malware modular operations payloads pikabot server