August 28, 2024 at 10:33AM APT-C-60, a threat actor linked to South Korea, has exploited a critical flaw in Kingsoft WPS Office to deploy a backdoor called SpyGlace. This malicious activity targeted Chinese and East Asian users using a one-click exploit in a booby-trapped spreadsheet document. The attack tactic has been active since 2021, aiming … Read more
August 16, 2024 at 06:10AM Trend Micro’s Zero Day Initiative (ZDI) revealed a zero-day vulnerability, CVE-2024-38213, named Copy2Pwn, which cybercriminals exploited to bypass Windows protections. Microsoft fixed this flaw in June 2024 but only disclosed it in August. ZDI discovered it during the analysis of attacks by a threat group named Water Hydra for bypassing … Read more
July 12, 2024 at 11:21AM Palo Alto Networks Unit 42 has uncovered a brief DarkGate malware campaign utilizing Samba file shares to spread infections in North America, Europe, and parts of Asia. DarkGate, an evolved malware-as-a-service offering, can perform remote control, code execution, cryptocurrency mining, and more. The campaign highlights the importance of strong cybersecurity … Read more
June 4, 2024 at 03:00AM The DarkGate malware-as-a-service (MaaS) operation has shifted to using an AutoHotkey mechanism for delivering its final stages, underscoring ongoing efforts to evade detection. Developed by RastaFarEye, it includes remote access trojan (RAT) capabilities and various malicious modules. Cyber criminals have been found abusing Docusign for phishing and business email compromise … Read more
April 2, 2024 at 01:51AM TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. Primarily focusing on hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, it aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are … Read more
March 14, 2024 at 02:23AM DarkGate malware exploits a fixed Windows Defender SmartScreen flaw to install fake software, overcoming security checks. This flaw, tracked as CVE-2024-21412, allows attackers to execute files automatically. Trend Micro reports that DarkGate operators are using this vulnerability to enhance infection rates. The campaign involves a multi-step infection chain and employs … Read more
March 14, 2024 at 01:21AM In mid-January 2024, a DarkGate malware campaign leveraged a Microsoft Windows security flaw, leading to attacks targeting financial institutions. The flaw, CVE-2024-21412, was fixed in February 2024, but not before being exploited in conjunction with Google Ads open redirects. This tactic allowed threat actors to distribute malicious software installers, resulting … Read more
March 13, 2024 at 05:26PM The DarkGate malware exploits Windows Defender SmartScreen vulnerability, allowing attackers to automatically install fake software. Microsoft fixed the flaw in mid-February, but DarkGate operators are still using it to infect targeted systems. The attack involves malicious emails with PDF attachments, using open redirects to bypass security checks. Once executed, the … Read more
January 25, 2024 at 11:38AM Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. There is also insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in … Read more
November 20, 2023 at 10:12AM Phishing campaigns using DarkGate and PikaBot malware are utilizing tactics previously seen with QakBot trojan attacks. The malware families have similarities in distribution methods and behaviors to QakBot. DarkGate has advanced evasion techniques and remote control capabilities, while PikaBot can deliver additional payloads. The attacks target various sectors, spreading through … Read more