Escalating DarkGate malware activity observed

Malicious activity involving the DarkGate malware has significantly increased as usage of the payload expanded to the developer's affiliates, The Hacker News reports. Attackers behind a new high-volume DarkGate malware campaign hijacked email threads to lure targets into clicking a malicious URL that would download an MSI file, which then decrypts and executes the malware, which not only bypasses detection and establishes persistence but also enables privilege escalation, data exfiltration, and cryptocurrency miner deployment, according to a Telekom Security report. Researchers also noted that some DarkGate malware attacks leveraged a Visual Basic Script that later utilizes cURL to enable payload distribution. DarkGate has been touted as the "ultimate tool for pentesters/redteamers," due to unique features not available in other payloads, with the developer offering daily, monthly, and yearly subscriptions worth $1,000, $15,000, and $100,000, respectively. Malware loaders, trojans, and information-stealing malware have been mainly distributed through phishing attacks, with an HP Wolf Security report showing email as the key malware delivery vector during the second quarter of 2023.