40 matches found
New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware
Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe...
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate...
ClickFix vs. traditional download in new DarkGate campaign
During the past several months there have been numerous malware campaigns that use a technique something referred to as "ClickFix". It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started t...
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware
A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers...
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C connection...
Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, whic...
Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware
Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...
DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing...
DarkGate switches up its tactics with new payload, email templates
This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victims system with the DarkGate malware. These campaigns, active since the...
DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
Cyber attacks involving the DarkGate malware-as-a-service MaaS operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have...
DarkGate again but... Improved?
DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...
DarkGate Malware: Persistent Threat in Active Distribution
...
Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns
Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...
Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors
The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government vertica...
DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack
A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing DDM open redirects that le...
CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign
In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative ZDI observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412...
New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw
The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report...
Microsoft Teams External Access Abuses to Spread DarkGate Malware
By Waqas Threat actors are exploiting Microsoft Teams' External Access feature to spread DarkGate malware through chats. This is a post from HackRead.com Read the original post: Microsoft Teams External Access Abuses to Spread DarkGate Malware...
SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks
Cybersecurity researchers have shed light on the command-and-control C2 server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control C2 server, and a web administration...
Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending...