Compromised Skype accounts deliver DarkGate malware to employees

2023-10-16 13:43

A threat actor is using compromised Skype accounts to deliver the DarkGate malware to target organizations, Trend Micro researchers have warned.

"Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the number of initial entry attacks using the malware has been observed," they noted.

The threat actor leverages compromised Skype accounts to contact employees at target organization by impersonating a trusted external supplier.

Delivery of the DarkGate malware is not executed just via Skype.

Depending on who bought the DarkGate variant used in specific attacks, the follow-up of a DarkGate infection might include covert cryptomining or ransomware delivery.

DarkGate's recent popularity might be down to law enforcement disruptions of the Emotet and Qakbot botnets, which were previously extensively used by attackers to deliver all kinds of malware to a wide pool of targets.

News URL

https://www.helpnetsecurity.com/2023/10/16/darkgate-malware-skype/

#malware #skype