DarkGate Malware Spreads Via Stolen Skype Accounts

Between July and September, DarkGate malware attacks leveraged compromised Skype accounts to infect targets via messages with VBA loader script attachments. Security researchers from Trend Micro detected these attacks, revealing that the script downloads a second-stage AutoIT script, which then deploys the final DarkGate malware payload. Trend Micro noted that the attackers gained access to victims' Skype accounts, enabling them to hijack messaging threads and tailor file names to match chat history context. It remains uncertain how the attackers initially compromised instant messaging accounts, but it is suspected to be a result of leaked credentials from underground forums or previous organization compromises. Additionally, Trend Micro observed DarkGate operators attempting to deliver their malware through Microsoft Teams in organizations with external user messaging enabled.