Cybercriminelen misbruiken microsoft teams en anydesk voor malware-aanvallen https://www.trendingtech.news/trending-news/2024/12/50246/cybercriminelen-misbruiken-microsoft-teams-en-anydesk-voor-malware-aanvallen #cybercriminaliteit #Microsoft Teams #AnyDesk #DarkGate malware #beveiligingsmaatregelen #Trending #News #Nieuws

DarkGate Malware Distributed Through Microsoft Teams Vishing Attack - https://www.redpacketsecurity.com/attacker-distributes-darkgate-using-ms-teams-vishing-technique/

#threatintel #Microsoft_Teams #vishing #DarkGate

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware https://thehackernews.com/2024/12/attackers-exploit-microsoft-teams-and.html

#DarkGate #Malware #CyberSec

A new malicious campaign uses impersonation via Microsoft Teams voice phishing (vishing), tricking the victims into downloading AnyDesk for remote access and deploying #DarkGate malware.

https://socprime.com/blog/darkgate-malware-detection/?utm_source=mastodon&utm_medium=social&utm_campaign=cert-ua&utm_content=blog-post

📬 Keylogger versteckte sich in Erweiterung von Pidgin
#Cyberangriffe #Darkgate #Eset #Jabber #Keylogger #Pidgin https://sc.tarnkappe.info/b4019a

#Malware infiltrates #Pidgin messenger’s official plugin repository https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/ I used to use Pidgin to communicate with friends on AIM and similar messenger apps. The malicious plugin was offered only as a binary, not open source code. Worryingly, it had valid signatures, and so did the malware it downloaded. #DarkGate #Jabber #messenger

Malware infiltrates Pidgin messenger's official plugin repository
https://www.bleepingcomputer.com/news/security/malware-infiltrates-pidgin-messengers-official-plugin-repository/
#ycombinator #computers #windows #linux #mac #support #tech_support #spyware #malware #virus #security #DarkGate #Messenger #Pidgin #Plugin #Supply_Chain #Supply_Chain_Attack #virus_removal #malware_removal #computer_help #technical_support

DarkGate: Dancing the Samba With Alluring Excel Files
#DarkGate
https://unit42.paloaltonetworks.com/darkgate-malware-uses-excel-files/

「 #マルウェア の #スイスアーミーナイフ である #DarkGate が、ライバルの Qbot が潰されたことでブームに 」： The Register

「DarkGate マルウェア ファミリは、主な競合他社の 1 つが FBI によって排除された後、ここ数カ月でさらに蔓延しています。
開発者は RastaFarEye という名前で呼ばれるこのソフトウェアは、キーロギングからデータや資格情報の盗難、さらにはリモート アクセスに至るまであらゆる用途に使用でき、 ランサムウェアの展開 に使用される可能性があります。 DarkGate に感染すると、犯罪者はコンピュータを完全に制御できるようになります。」

https://www.theregister.com/2024/07/16/darkgate_malware/

#prattohome #TheRegister

We have new intel regarding a campaign using "PasteJacking" to distribute the DarkGate malware. Nothing like end-users blindly pasting the contents of their clipboard and following malicious instructions - 🤦‍♂️ - We discuss in detail in this episode of The Security Swarm Podcast > https://buff.ly/3KFnK9w - #cybersecurity #darkgate #secops

DarkGate switches up its tactics with new payload, email templates
#DarkGate
https://blog.talosintelligence.com/darkgate-remote-template-injection/

How #DarkGate is using new Remote Template Injection techniques to bypass detection https://blog.talosintelligence.com/darkgate-remote-template-injection/

DarkGate Malware Switches to AutoHotkey for Advanced Evasion Techniques

Date: June 2024
CVE: CVE-2023-36025, CVE-2024-21412
Vulnerability Type: Remote Code Execution, Information Disclosure
CWE: [[CWE-22]], [[CWE-427]]
Sources: McAfee , Trend Micro, The Hacker News

Synopsis

DarkGate malware, known for its stealth and versatility, has recently transitioned from using AutoIt to AutoHotkey for its attack scripts. This shift enhances its evasion capabilities against security software, posing a renewed threat to targeted systems.

Issue Summary

The DarkGate malware has been active since 2018, offering a range of malicious functions including remote access, keylogging, and data theft. In its latest iteration, observed in March 2024, the malware has switched from AutoIt to AutoHotkey scripts to bypass detection mechanisms such as Microsoft Defender SmartScreen. The malware is distributed through phishing emails containing malicious HTML or Excel attachments.

Technical Key Findings

DarkGate initiates its attack via a phishing email, tricking users into opening a malicious HTML or Excel file. This file exploits security flaws in Microsoft Defender SmartScreen, allowing a Visual Basic Script to execute PowerShell commands that launch an AutoHotkey script. This script then downloads and executes the DarkGate payload.

Vulnerable Products

• Microsoft Windows systems running outdated or unpatched versions of Microsoft Defender SmartScreen
• Any systems susceptible to phishing attacks via email clients

Impact Assessment

When exploited, DarkGate can provide attackers with full remote access to compromised systems. This includes capabilities for credential theft, keylogging, screen capturing, and installing additional malware, significantly jeopardizing the integrity and security of affected systems.

Patches or Workarounds

N.A.

Tags

#DarkGate #Malware #CVE-2023-36025 #CVE-2024-21412 #AutoHotkey #RemoteAccessTrojan #Phishing #MicrosoftDefender #CyberSecurity #threatintelligence

Под капотом DarkGate: разбираем ВПО-мультитул

Исследователи кибербезопасности обнаружили вредоносное ПО, которое сочетает в себе функции загрузчика, стилера и RAT. Рассказываем, как оно было разработано, для чего используется и почему применяется в атаках на российские компании вопреки ограничению от разработчика. Читать

https://habr.com/ru/companies/bizone/articles/814899/

#darkgate #впо #вредоносное_программное_обеспечение #реверс_инжиниринг #исследование_безопасности #rat #стилер #загрузчик

Campagne #Malware #Italy Week 18

☠️🔥👻💣
#AgentTesla: Ordine
#Formbook: Offerta
#Irata: APK Bank
#Remcos: Modulo
#ZGRat: Offerta
#DarkCloud: Ordine
#LockBit: Photo
#DarkGate: Report

#mwitaly

Campagne #Malware #Italy Week 15

👻💣🔥☠️
#AgentTesla: Ordine
#Formbook: Fattura
#SpyNote #Irata: APK Bank - INPS
#Guloader: Contratto
#DarkGate: Documento
#Remcos: Offerta
#ZGRat: Booking
#mwitaly

#DarkGate operators abused Google Ads technology to widen their malicious reach in a zero-day campaign that exploited the Windows Defender SmartScreen bypass vulnerability CVE-2024-21412.
#infosec
Here’s how the attack was
carried out
https://www.trendmicro.com/en_us/research/24/c/cve-2024-21412--darkgate-operators-exploit-microsoft-windows-sma.html?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=032024_DarkGateSmartScreen

#DarkGate operators abused Google Ads technology to widen their malicious reach in a zero-day campaign that exploited the Windows Defender SmartScreen bypass vulnerability CVE-2024-21412.

Here’s how the attack was carried out: ⬇️ https://research.trendmicro.com/4c7tw0d

#Recent #DarkGate campaign exploited #Microsoft #Windows zero-day
https://securityaffairs.com/160457/malware/recent-darkgate-campaign-exploited-microsoft-zero-day.html
#securityaffairs #hacking #malware

Hackers exploit #Windows SmartScreen flaw to drop #DarkGate malware ⚠️

https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-darkgate-malware/