14 matches found
New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware
Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe...
ClickFix vs. traditional download in new DarkGate campaign
During the past several months there have been numerous malware campaigns that use a technique something referred to as "ClickFix". It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started t...
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers...
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C connection...
DarkGate switches up its tactics with new payload, email templates
This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victims system with the DarkGate malware. These campaigns, active since the...
DarkGate again but... Improved?
DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...
DarkGate Malware: Persistent Threat in Active Distribution
...
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...
Microsoft Teams External Access Abuses to Spread DarkGate Malware
By Waqas Threat actors are exploiting Microsoft Teams' External Access feature to spread DarkGate malware through chats. This is a post from HackRead.com Read the original post: Microsoft Teams External Access Abuses to Spread DarkGate Malware...
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware
Attackers are weaponizing an old Microsoft Office vulnerability as part of phishing campaigns to distribute a strain of malware called Agent Tesla. The infection chains leverage decoy Excel documents attached in invoice-themed messages to trick potential targets into opening them and activate the...
A week in security (October 23 – October 29)
Last week on Malwarebytes Labs: Malvertising via Dynamic Search Ads delivers malware bonanza Octo Tempest cybercriminal group is "a growing concern"—Microsoft Update now! Apple patches a raft of vulnerabilities Patch…later? Safari iLeakage bug not fixed Update vCenter Server now! VMWare fixes...
Vietnamese Hackers Target U.K., U.S., and India with DarkGate Malware
Attacks leveraging the DarkGate commodity malware targeting entities in the U.K., the U.S., and India have been linked to Vietnamese actors associated with the use of the infamous Ducktail stealer. "The overlap of tools and campaigns is very likely due to the effects of a cybercrime marketplace,"...
DarkGate Malware Spreading via Messaging Services Posing as PDF Files
A piece of malware known as DarkGate has been observed being spread via instant messaging platforms such as Skype and Microsoft Teams. In these attacks, the messaging apps are used to deliver a Visual Basic for Applications VBA loader script that masquerades as a PDF document, which, when opened,...
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates
A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate. "The current spike in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates," Telekom...