Lucene search
K

40 matches found

HackRead
HackRead
added 2025/12/17 3:10 p.m.8 views

New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security by using the Windows Run box and how you can stay safe...

7AI score
Exploits0
HackRead
HackRead
added 2025/10/17 11:6 a.m.7 views

Malicious Perplexity Comet Browser Download Ads Push Malware Via Google

Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity’s official installer. The campaign, tracked by DataDome, has ties to DarkGate...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/01/31 11:43 p.m.8 views

ClickFix vs. traditional download in new DarkGate campaign

During the past several months there have been numerous malware campaigns that use a technique something referred to as "ClickFix". It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started t...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/17 4:35 p.m.4 views

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers...

8.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/12/13 12:0 a.m.11 views

Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion

In this blog entry, we discuss a social engineering attack that tricked the victim into installing a remote access tool, triggering DarkGate malware activities and an attempted C&C connection...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2024/12/09 5:44 p.m.7 views

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, whic...

7.6AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2024/12/04 3:45 p.m.9 views

Black Basta Ransomware Campaign Drops Zbot, DarkGate, and Custom Malware

Executive Summary Beginning in early October, Rapid7 has observed a resurgence of activity related to the ongoing social engineering campaign being conducted by Black Basta ransomware operators. Rapid7 initially reported the discovery of the novel social engineering campaign back in May, 2024,...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/12 2:51 p.m.31 views

DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing...

7AI score
Exploits0
Talos Blog
Talos Blog
added 2024/06/05 12:0 p.m.25 views

DarkGate switches up its tactics with new payload, email templates

This post was authored by Kalpesh Mantri. Cisco Talos is actively tracking a recent increase in activity from malicious email campaigns containing a suspicious Microsoft Excel attachment that, when opened, infected the victims system with the DarkGate malware. These campaigns, active since the...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/04 6:33 a.m.34 views

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service MaaS operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates have...

8.8CVSS7.3AI score0.95443EPSS
Exploits4
Trellix
Trellix
added 2024/06/03 12:0 a.m.6 views

DarkGate again but... Improved?

DarkGate again but... Improved? By Ernesto Fernández Provecho · June 3, 2024 Executive summary During 2023, DarkGate made a comeback with a version full of new features, becoming one of the most preferred Remote Access Trojans RATs by malicious actors. However, this momentum also required...

7.8AI score
Exploits0
hivepro
hivepro
added 2024/05/20 1:2 p.m.20 views

DarkGate Malware: Persistent Threat in Active Distribution

...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/05/20 5:47 a.m.15 views

Latrodectus Malware Loader Emerges as IcedID's Successor in Phishing Campaigns

Cybersecurity researchers have observed a spike in email phishing campaigns starting early March 2024 that delivers Latrodectus, a nascent malware loader believed to be the successor to the IcedID malware. "These campaigns typically involve a recognizable infection chain involving oversized...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/02 4:54 a.m.31 views

Massive Phishing Campaign Strikes Latin America: Venom RAT Targeting Multiple Sectors

The threat actor known as TA558 has been attributed to a new massive phishing campaign that targets a wide range of sectors in Latin America with the goal of deploying Venom RAT. The attacks primarily singled out hotel, travel, trading, financial, manufacturing, industrial, and government vertica...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/03/14 4:57 a.m.95 views

DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing DDM open redirects that le...

8.8CVSS6.8AI score0.95443EPSS
Exploits4
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/03/13 12:0 a.m.95 views

CVE-2024-21412: DarkGate Operators Exploit Microsoft Windows SmartScreen Bypass in Zero-Day Campaign

In addition to our Water Hydra APT zero day analysis, the Zero Day Initiative ZDI observed a DarkGate campaign which we discovered in mid-January 2024 where DarkGate operators exploited CVE-2024-21412...

8.1CVSS7.1AI score0.95443EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/02/05 3:45 a.m.81 views

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that was first observed in 2019, Palo Alto Networks Unit 42 said in a report...

8.8CVSS9.4AI score0.88196EPSS
Exploits2
HackRead
HackRead
added 2024/01/30 10:50 p.m.16 views

Microsoft Teams External Access Abuses to Spread DarkGate Malware

By Waqas Threat actors are exploiting Microsoft Teams' External Access feature to spread DarkGate malware through chats. This is a post from HackRead.com Read the original post: Microsoft Teams External Access Abuses to Spread DarkGate Malware...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/25 2:23 p.m.32 views

SystemBC Malware's C2 Server Analysis Exposes Payload Delivery Tricks

Cybersecurity researchers have shed light on the command-and-control C2 server workings of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control C2 server, and a web administration...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/01/20 2:16 a.m.44 views

Invoice Phishing Alert: TA866 Deploys WasabiSeed & Screenshotter Malware

The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending...

7.3AI score
Exploits0
Rows per page
Query Builder