Vietnam-based cybercrime groups have reportedly launched a campaign targeting digital marketing firms in India, the US, and the UK. They are employing a malicious combination of the 'Darkgate' malware and a Malware as a Service (MaaS) toolkit to compromise victims with rival remote access trojans (RATs) and other data-stealing malware like Ducktail, Lobshot, and Redline, according to cybersecurity company WithSecure.
Researchers identified multiple DarkGate malware infection attempts on August 4, primarily affecting these countries. The report highlights that the lure documents, attack tactics, delivery methods, and overall patterns align with recent DuckTail infostealer campaigns.
DarkGate is a Remote Access Trojan (RAT) that initially emerged in cyberspace in 2018. It is typically provided as a Malware-as-a-Service tool to cybercriminals.
Upon examining open-source data linked to the DarkGate malware campaign, researchers uncovered connections to several infostealers, suggesting that these attacks stem from the same group or threat actor.
The attack begins with a file named 'Salary and new products.8.4.zip.' When users unwittingly download and extract this file, a VBS script is triggered. This script proceeds to rename and duplicate the original Windows binary (Curl.exe) to a new location and connects to an external server to retrieve two additional files: autoit3.exe and an Autoit3 script compiled. The script subsequently executes the executable, de-obfuscates it, and assembles the DarkGate RAT using strings from the script.
Senior Threat Intelligence Analyst Stephen Robinson suggested, "Based on what we’ve observed, it is very likely that a single actor is behind several of the campaigns we’ve been tracking that target Meta Business accounts."
Once the attackers gain control of an account, they have the capability to engage in various malicious activities, including malware distribution and fraud.
The report underscores the growing importance of cybersecurity and the need for robust defences against increasingly sophisticated cyber threats targeting organizations worldwide.
This type of cyberattack reflects the evolving landscape of cybersecurity threats, as attackers adapt and employ a wide range of techniques to compromise targets, from individuals to major corporations.
Please note that cybersecurity remains an ongoing concern and must be approached with vigilance and diligence, especially in sectors dealing with sensitive data or involved in critical infrastructure.
ALSO READ: Google ordered to compensate female executive $1.1 million for gender bias
It's crucial for businesses and individuals alike to stay informed about the latest cybersecurity trends and to implement comprehensive security measures to protect against these types of threats. Organizations should also consider investing in cybersecurity awareness training for employees to help them recognize and mitigate potential risks.
Inputs from IANS
