DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

June 4, 2024 at 03:00AM

The DarkGate malware-as-a-service (MaaS) operation has shifted to using an AutoHotkey mechanism for delivering its final stages, underscoring ongoing efforts to evade detection. Developed by RastaFarEye, it includes remote access trojan (RAT) capabilities and various malicious modules. Cyber criminals have been found abusing Docusign for phishing and business email compromise …

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

April 2, 2024 at 01:51AM

TA558, a threat actor targeting the Latin America region, has launched a large-scale phishing campaign to deploy Venom RAT. Primarily focusing on hotel, travel, trading, financial, manufacturing, industrial, and government sectors in multiple countries, it aims to harvest sensitive data and remotely control systems. Additionally, malvertising campaigns delivering malware are …

Hackers exploit Windows SmartScreen flaw to drop DarkGate malware

March 14, 2024 at 02:23AM

DarkGate malware exploits a fixed Windows Defender SmartScreen flaw to install fake software, overcoming security checks. This flaw, tracked as CVE-2024-21412, allows attackers to execute files automatically. Trend Micro reports that DarkGate operators are using this vulnerability to enhance infection rates. The campaign involves a multi-step infection chain and employs …

DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack

March 14, 2024 at 01:21AM

In mid-January 2024, a DarkGate malware campaign leveraged a Microsoft Windows security flaw, leading to attacks targeting financial institutions. The flaw, CVE-2024-21412, was fixed in February 2024, but not before being exploited in conjunction with Google Ads open redirects. This tactic allowed threat actors to distribute malicious software installers, resulting …

Hackers abuse Windows SmartScreen flaw to drop DarkGate malware

March 13, 2024 at 05:26PM

The DarkGate malware exploits a Windows Defender SmartScreen vulnerability, allowing attackers to automatically install fake software. Microsoft fixed the flaw in mid-February, but DarkGate operators are still using it to infect targeted systems. The attack involves malicious emails with PDF attachments, using open redirects to bypass security checks. Once executed, the …

SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks

January 25, 2024 at 11:38AM

Cybersecurity researchers have uncovered details about the SystemBC malware, noting its availability on underground markets and its capability to control compromised hosts, deliver various payloads, and use SOCKS5 proxies to mask network traffic. There is also insight into an updated version of the DarkGate remote access trojan, showcasing weaknesses in …

DarkGate and PikaBot Malware Resurrect QakBot’s Tactics in New Phishing Attacks

November 20, 2023 at 10:12AM

Phishing campaigns using DarkGate and PikaBot malware are utilizing tactics previously seen with QakBot trojan attacks. The two malware families resemble QakBot in their distribution methods and behaviors. DarkGate has advanced evasion techniques and remote control capabilities, while PikaBot can deliver additional payloads. The attacks target various sectors, spreading through …

Ducktail Infostealer, DarkGate RAT Linked to Same Threat Actors

October 20, 2023 at 02:18PM

DarkGate, a remote access trojan (RAT), has been linked to the Vietnamese financial cybercrime operation behind the Ducktail infostealer. Researchers have found similarities in the lure documents and targeting used by both malware families. DarkGate is a multifunctional malware that can steal information, distribute malware, and mine cryptocurrency. Understanding connections between …

Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware

October 20, 2023 at 10:09AM

Vietnamese actors linked to the Ducktail stealer have been using DarkGate malware to target entities in the UK, US, and India. The increase in DarkGate campaigns is attributed to the decision to rent it out on a malware-as-a-service basis. The campaigns also involve LOBSHOT and RedLine Stealer, with similar tactics …

Fake Corsair job offers on LinkedIn push DarkGate malware

October 20, 2023 at 08:50AM

LinkedIn users are being targeted by a threat actor spreading malware through fake job posts at Corsair. The cybercriminal group responsible for the attacks, believed to be Vietnamese, is linked to previous campaigns targeting Facebook business accounts. The malware, including DarkGate and RedLine, is distributed through malicious files downloaded from …