A new malspam campaign has been observed deploying an off-the-shelf malware called DarkGate.
The current spike in DarkGate malware activity is plausible, given the fact that the developer of the malware has recently started to rent out the malware to a limited number of affiliates, Telekom Security said in a report published last week.
In the report, the company details how this particular campaign uses an AutoIt script to execute a shellcode that acts as a conduit to decrypt and launch DarkGate via a crypter.
An alternate variation of the attacks have been observed using a Visual Basic Script in place of an MSI file, which uses cURL to retrieve the AutoIt executable and script file.
This allows the attacker to extract the encrypted malware sample.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply