DarkGate Malware Targets Skype Users: A Deep Dive into the Threat Landscape

Between July and September, a surge in DarkGate malware attacks was observed, leveraging compromised Skype accounts to target unsuspecting users. These attacks were characterized by messages containing VBA loader script attachments, which, when executed, would lead to the download and execution of the DarkGate malware payload.

Key Highlights:

  • DarkGate malware attacks utilized compromised Skype accounts to spread malicious VBA loader script attachments.
  • The malware’s second stage involves an AutoIt script that drops and executes the final DarkGate payload.
  • The attackers were able to hijack existing Skype messaging threads, crafting file names to align with the chat’s context.
  • The exact method of Skype account compromise remains unclear but could involve leaked credentials or prior organizational breaches.
  • DarkGate operators also attempted to distribute their malware through Microsoft Teams, especially in configurations that accepted messages from external users.

The Modus Operandi:

Upon gaining access to a victim’s Skype account, the threat actor could hijack an existing messaging thread and name the malicious files to match the chat’s history, making the lure more convincing. How these Skype accounts were compromised remains unclear, but there is speculation: some believe it could be through leaked credentials available on underground forums, while others think it might be due to a prior compromise of the parent organization.

Microsoft Teams: Another Target:

Interestingly, Skype wasn’t the only platform in the crosshairs. Trend Micro researchers also observed attempts by DarkGate operators to push their malware payload through Microsoft Teams. This was especially prevalent in organizations where Teams was set up to accept messages from external users. Previous campaigns that targeted Microsoft Teams users with malicious VBScript to deploy the DarkGate malware were identified by cybersecurity firms like Truesec and Malwarebytes.

The Ultimate Goal:

The endgame for these attacks isn’t singular. Depending on the specific DarkGate variant and the threat group behind it, the objectives can range from deploying ransomware to cryptomining. Recent telemetry data has shown a connection between DarkGate and tools commonly associated with the Black Basta ransomware group.

DarkGate’s Growing Influence:

The cybercriminal landscape has seen a notable increase in the adoption of the DarkGate malware loader, especially for initial access into corporate networks. This trend became more pronounced following the disruption of the Qakbot botnet. Interestingly, an individual claiming to be DarkGate’s developer even tried to sell subscriptions on hacking forums, boasting a plethora of features for the malware. This recent spike in DarkGate’s activity highlights its growing stature as a malware-as-a-service (MaaS) operation and the relentless determination of its operators.

Summary:

The DarkGate malware has emerged as a significant threat, especially with its ability to compromise Skype accounts and spread through deceptive messages. The malware’s tactics are sophisticated, leveraging existing chat threads to make its malicious files appear legitimate. With the malware also targeting platforms like Microsoft Teams, it’s evident that the threat landscape is evolving. Organizations and individuals must remain vigilant, updating their cybersecurity measures to counter such evolving threats.

About the author

Jamie Davidson