DarkGate Malware Exploits Messaging Services to Infect Organizations
Originally Published 2 years ago — by The Hacker News

DarkGate malware is being spread through instant messaging platforms like Skype and Microsoft Teams, using a Visual Basic for Applications (VBA) loader script disguised as a PDF document. When opened, the script triggers the download and execution of an AutoIt script that launches the malware. It is unclear how the accounts used in the attacks were compromised, but leaked credentials or previous compromises are suspected. DarkGate is a commodity malware that harvests sensitive data, conducts cryptocurrency mining, and allows remote control of infected hosts. Social engineering campaigns distributing the malware have increased, leveraging tactics such as phishing emails and SEO poisoning. The attacks have been detected primarily in the Americas, followed by Asia, the Middle East, and Africa.