DarkGate, the evil Swiss Army knife of malware, sees boom after rival Qbot crushed

July 15, 2024 at 08:19PM

The DarkGate malware has become more prevalent after a competitor was taken down by the FBI. Its developer, named RastaFarEye, designed the malware for keylogging, data and credential theft, remote access, and ransomware deployment. Infections are achieved through social engineering, phishing, and compromised websites. The malware’s flexibility and numerous infection …

Microsoft Teams phishing pushes DarkGate malware via group chats

January 30, 2024 at 12:47PM

A recent phishing attack leverages Microsoft Teams group chat requests to distribute DarkGate malware via deceptive file attachments. Attackers exploit the default external messaging access and employ tactics such as double file extensions to trick victims. Organizations are advised to consider disabling External Access and to educate users on recognizing …

‘BattleRoyal’ Hackers Deliver DarkGate RAT Using Every Trick

December 21, 2023 at 05:04PM

An unidentified threat actor conducted numerous social engineering campaigns targeting American and Canadian organizations, aiming to infect them with the multifaceted DarkGate malware. Named “BattleRoyal,” the actor used a variety of techniques, including phishing emails, fake browser updates, and exploitation of a Windows Defender vulnerability. The actor later switched to using …

DarkGate and Pikabot malware emerge as Qakbot’s successors

November 21, 2023 at 10:56AM

A sophisticated phishing campaign using DarkGate and PikaBot malware is posing a significant threat to organizations. The campaign began after the takedown of the Qakbot operation and is considered one of the most advanced since then. The attackers employ tactics similar to the previous Qakbot campaigns, indicating a shift to …

DarkGate malware spreads through compromised Skype accounts

October 15, 2023 at 01:53PM

DarkGate malware attacks have been using compromised Skype accounts to infect targets. The attacks involve VBA loader script attachments that download an AutoIT script to drop and execute the final DarkGate malware payload. Trend Micro researchers also observed DarkGate being pushed through Microsoft Teams. The malware-as-a-service operation has seen a …