
The Rise and Reach of DarkGate Malware

In recent months, DarkGate malware has been delivered through compromised Skype accounts. Notably, the attacks observed between July and September were carried out via Skype messages carrying VBA loader script attachments. Trend Micro, a leading name in cybersecurity, has been vigilant in identifying these alarming techniques.

As highlighted by Trend Micro researchers, the strategy was crafty. By gaining access to a victim’s Skype account, the attackers hijacked existing message threads, which let them choose file names that matched the context of the chat history and so looked legitimate to the recipient. How the initial accounts were compromised remains speculative: possibilities range from credential leaks traded on underground forums to a broader compromise of the victim’s parent organization.

But Skype wasn’t the only medium in their crosshairs. Trend Micro also documented attempts by the DarkGate operators to spread the malware through Microsoft Teams, which were most effective in tenants configured to accept messages from external users. Earlier Teams phishing campaigns delivering DarkGate through deceptive VBScript had already been detected by Truesec and Malwarebytes. In those campaigns, the attackers used compromised Office 365 accounts together with a tool known as TeamsPhisher to bypass the restrictions on sending attachments to external tenants, allowing them to push phishing attachments directly to Microsoft Teams users.

Trend Micro described the overarching intent as a comprehensive breach of the target environment. Depending on which group operates a given DarkGate variant, the follow-on threat may be ransomware or cryptomining. Trend Micro’s telemetry also showed a conspicuous connection between DarkGate and the notorious Black Basta ransomware group.

DarkGate Malware’s Mounting Momentum

DarkGate’s proliferation as a go-to loader for infiltrating corporate infrastructures is undeniable. This trajectory gained traction particularly after the Qakbot botnet was taken down in August through a coordinated international operation. Intriguingly, prior to the Qakbot takedown, an individual claiming to be the developer of DarkGate was advertising subscriptions on an underground forum. The price tag for an annual subscription? A staggering $100,000.

The price reflects the feature set. DarkGate bundles a stealthy (hidden) VNC capability, Windows Defender evasion, browser history theft, a built-in reverse proxy, a file manager, and a Discord token stealer.

The consequences were predictable. A significant rise in DarkGate infections has been recorded, with delivery mechanisms ranging from phishing to malvertising. This resurgence not only spotlights DarkGate’s growing footprint as a malware-as-a-service (MaaS) offering but also shows the persistence of the cybercriminals behind it: even after disruptions such as the Qakbot takedown, they refine and recalibrate their strategies relentlessly.

DarkGate Malware – A Persisting Cyber Threat

The escalating activities associated with DarkGate malware are a potent reminder of the dynamic nature of cyber threats. Organizations and individuals alike must remain vigilant, continually updating their defenses in this ever-evolving digital landscape.
