Published: September 26, 2023 in our Security Fraud News & Alerts Newsletter.
You can turn off the Bat Signal. It’s not the Dark Knight that can save you from this threat. What is heading toward Gotham this time? It’s DarkGate, a relatively new and dangerous type of malware that is designed to download and execute other malware on infected systems. In recent months, DarkGate has gained a lot of attention in the cybersecurity world due to its increased use in phishing campaigns that exploit Microsoft Teams accounts. Those accounts can be used to send malicious attachments and infect companies’ systems.
It’s no joke. Once an unknowing recipient opens the malicious attachment, the malware gets installed on their computer. The malware then downloads and executes additional malware, such as banking trojans or ransomware, depending on what the attacker seeks to accomplish.
The malware has remote access functionality and file management capabilities, and it supports malicious activities such as data exfiltration and further propagation of the malware within the network. This gives the attacker a lot of leverage.
Riddle me this
What is malware-as-a-service (MaaS)? There isn’t much of a riddle there. Like other MaaS, DarkGate is available on a subscription model. Prices range from $1,000 per day to $15,000 per month to $100,000 a year, depending on what the actor wants to do. However, its creator has limited access to it to only a small number of affiliates. Whew!
Its bag of tricks
Cybercriminals use various tactics to distribute the DarkGate malware. These include malware spam, malicious ads, and SEO poisoning. For example, a malvertising campaign was discovered in July 2023 that lured potential victims to a fraudulent site for a Windows IT management tool.
A recent spike in DarkGate distribution has been attributed to a phishing campaign that abuses Microsoft Teams messages to send malicious attachments. This means it can target a lot of people, very quickly.
Giving it a 1, 2, 3 Pow! Wham!
To avoid falling victim to the DarkGate malware, it is crucial to be cautious when opening attachments or clicking on links in messages from unknown or suspicious sources, even if they appear to be from a legitimate Microsoft Teams account. Also, be sure to notify your IT department or security team of any suspicious messages.
You should also keep your operating system and security software up to date and remember to use strong passwords and two-factor authentication on all your accounts.