For several months now, the malware known as DarkGate has been keeping security experts awake at night.
Between July and September, Trend Micro researchers analyzed a campaign in which this fearsome malware was spread through messaging platforms. While Microsoft Teams had been used as the main carrier in the past, it has now been joined by Skype.
The two services are used as a loader to deliver the payload that leads to the second stage of the infection, namely an AutoIt script that contains the actual malware. The researchers hypothesize that the originating accounts on the instant messaging applications were compromised through stolen credentials made available on forums frequented by cybercriminals.
DarkGate's origins, however, are not so recent: the malware was first identified by Fortinet back in 2017. One of its strengths is its ability to perform a variety of operations on the infected device.
DarkGate is no longer limited only to Teams: Skype is also in its sights
In addition to keylogging, theft of browser information and the use of remote access software, DarkGate is even capable of automatically updating itself to its most recent version.
DarkGate falls into the category of malware-as-a-service (MaaS), i.e. malware that its creators sell to cybercriminals for them to use on their own.
As for the spread of this malware, cases in Europe are not very numerous, with most detections in America, Asia and Africa. Finally, Trend Micro experts underlined how important prevention is in avoiding potentially disastrous infections.
To that end, companies should apply measures such as blocking external domains, thorough attachment checking and regular scans to detect anomalies on the devices used for work.
The use of strong passwords and high-quality (and constantly updated) antivirus suites can help drastically reduce the risks related to malware.