DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed
2024-07-16 00:15

The DarkGate malware family has become more prevalent in recent months, after one of its main competitors was taken down by the FBI. The malware was discovered by endpoint security outfit enSilo's security maven Adi Zeligson in 2018 - but it has evolved over the years.

Blackford's threat-hunting team recently detected a gang it tracks as TA571 using DarkGate to gain access to more than 1,000 organizations.

Palo Alto Networks' Unit 42 security team has also observed a surge in DarkGate usage since September 2023.

"In the aftermath of the QBot takedown, we saw the main actor who was distributing QBot pivot to DarkGate, and then a number of other actors followed suit," Blackford observed.

"With its multifaceted attack vectors and evolution into a full-fledged MaaS offering, DarkGate demonstrates a high level of complexity and persistence," according to the security shop.

It's also worth pointing out that DarkGate and other malware campaigns continue to use phishing emails and send malicious files for one reason: because these techniques work.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/16/darkgate_malware/