Experts have reported attacks on corporate users, including in Russian organizations. Hackers have allegedly embedded themselves in an existing dialogue with the recipients, sending emails that suggest the presence of an audio recording, information about a meeting, or details of a real project. From May 10 to 18, almost 5,000 such emails were recorded. The emails contain a link to malware, specifically the Trojan downloader PikaBot. PikaBot is a new malware family used to install other malware families and execute arbitrary command line code from a remote server. It is similar to the banking Trojan Qbot, which is capable of extracting passwords and cookies from browsers, stealing emails, intercepting traffic, and providing remote access to the infected system.
