HomeCyber BalkansDarkGate Malware Enables Financially Motivated Hackers to Use RaaS

DarkGate Malware Enables Financially Motivated Hackers to Use RaaS

Published on

spot_img

After the FBI successfully shut down the Qakbot infrastructure in August 2023, a stark increase in the use of the DarkGate loader has been observed by security analysts at EclecticIQ. The research suggests that DarkGate is mainly being utilized by financially motivated groups like TA577, Ducktail, and RaaS operators such as BianLian and Black Basta. These groups are predominantly targeting European and American financial institutions, employing double extortion ransomware attacks to maximize their profits.

The modus operandi of these cybercriminals involves exploiting legitimate services like Google’s DoubleClick advertising network and cloud storage to deceive victims into downloading the DarkGate malware. This approach allows the attackers to surreptitiously gain access to the victims’ devices and pilfer their sensitive data remotely.

A significant development in the proliferation of DarkGate is attributed to a cybercriminal known as RastaFarEye. On June 16, 2023, RastaFarEye advertised the DarkGate Malware-as-a-Service (MaaS) on various online forums. This service equips hackers with the tools required to take control of victims’ devices and pilfer their data from a remote location. This dissemination of DarkGate on various forums signifies the expanding reach and influence of cybercriminal networks.

Security researchers at EclecticIQ have come to the conclusion that the primary targets of the DarkGate malware are financial institutions. For instance, an attempted phishing attack was made against Bank Deutsches Kraftfahrzeuggewerbe (BDK), the second-largest independent bank in Germany’s automotive sector. The attackers employed a malicious PDF attachment, tailored to the automotive industry, in an attempt to trick the bank’s employees. The phishing site redirected victims to a website designed to download DarkGate, which was concealed within a ZIP compressed file, a typical tactic used to evade security measures.

In light of these developments, security experts are recommending various measures to protect against DarkGate and similar cyber threats. They suggest monitoring for suspicious activity involving wscript.exe or cscript.exe running .vbs files from temporary folders. Additionally, tools like the SIGMA rule “Suspicious Script Execution from Temp Folder” or Elasticsearch KQL query can be employed to identify such activities. It is also advised to monitor network traffic for unusual patterns, including suspicious domain redirects and downloads of .CAB files.

In conclusion, the rise in the usage of DarkGate and its exploitation by financially motivated cybercriminal groups is a cause for concern. Financial institutions and individuals alike must remain vigilant and implement robust security measures to safeguard against the threat posed by DarkGate and similar malware. Staying updated on cybersecurity news and following best practices in cybersecurity defense are vital for mitigating the risks associated with such advanced cyber threats.

Source link

Latest articles

AI Tackles the Cyclospora Outbreak

Labs Employ AI to Accelerate Testing Amid Cyclospora Outbreak As the summer of 2026 unfolds,...

New Trick Discovered by Hackers to Collect Microsoft Entra User Data Stealthily

Heightened Security Awareness Required as OAuth Spoofing Campaigns Emerge Overview In a recent advisory, the security...

Hackers Conceal Lua Loaders in Fake TTF Files to Distribute Remcos, XWorm, and Agent Tesla

Growing Threat: Exploitation of Trusted File Formats by Cybercriminals In a troubling trend, cybersecurity experts...

EU Orders Google to Open Android to Compete with AI Agents

The recent regulatory developments by the European Union (EU) have significant implications not only...

More like this

AI Tackles the Cyclospora Outbreak

Labs Employ AI to Accelerate Testing Amid Cyclospora Outbreak As the summer of 2026 unfolds,...

New Trick Discovered by Hackers to Collect Microsoft Entra User Data Stealthily

Heightened Security Awareness Required as OAuth Spoofing Campaigns Emerge Overview In a recent advisory, the security...

Hackers Conceal Lua Loaders in Fake TTF Files to Distribute Remcos, XWorm, and Agent Tesla

Growing Threat: Exploitation of Trusted File Formats by Cybercriminals In a troubling trend, cybersecurity experts...