North America, Europe, and portions of Asia have been subjected to a fleeting attack campaign distributing the DarkGate malware-as-a-service payload through the exploitation of Samba file shares, according to The Hacker News.
Malicious Microsoft Excel files have been used by threat actors to facilitate the execution of a Samba file share-hosted VBS code, which enables the retrieval of a PowerShell script and other files, an analysis from Palo Alto Networks Unit 42 revealed. Such PowerShell script triggers another PowerShell script that enables the installation of an AutoHotKey package for DarkGate before eventually deploying the malware, which proceeds with security software scanning and CPU data monitoring before conducting data exfiltration to a connected command-and-control server, researchers said. "As DarkGate continues to evolve and refine its methods of infiltration and resistance to analysis, it remains a potent reminder of the need for robust and proactive cybersecurity defenses," added researchers.
