DarkGate malware is being spread by a threat activity cluster that Proofpoint tracks as BattleRoyal, using both malicious emails and fake browser update prompts.
Once it is running, DarkGate downloads and executes further malware.
According to Proofpoint, DarkGate is written in Delphi and acts as a loader: it downloads additional payloads and executes them directly in memory on both 32- and 64-bit systems.
Because those follow-on payloads are not written to disk, they leave fewer file-system artifacts for endpoint tools to detect.
The report states that at least 20 separate email campaigns were identified that delivered DarkGate.
GroupID is a DarkGate configuration parameter that identifies the customer or campaign a sample belongs to; in the configuration it is also referred to as username, botnet, campaign, or flag 23. Proofpoint used the shared GroupID value to tie the email campaigns and the fake browser update activity to the same cluster.
The fake browser update activity cluster tracked as RogueRaticate uses an obfuscation technique that was first identified in 2020.
Web users were served fraudulent browser update prompts that delivered a DarkGate payload.
The technique relies on steganography: the malicious code is concealed inside an otherwise ordinary, non-secret file or message, so that inspecting the file at rest reveals nothing unusual, and the hidden code is extracted only at its destination, in the visitor's browser.
The extracted script then sends a request to an actor-owned Keitaro traffic distribution system (TDS) domain, which filters out traffic the actor does not want to reach the payload.
Only visitors who pass that filtering are shown the fake browser update page; clicking its update button downloads the DarkGate payload.
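The article does not say which steganographic method RogueRaticate uses, so the following is a generic check rather than a signature for that cluster. It is an added example, not code from the article or from Proofpoint's report. It scans a PNG for the two simplest ways a script can ride inside an image served from a web page: bytes appended after the IEND chunk, and a payload stashed in a private chunk that image viewers silently ignore. The carrier image, the private chunk type `jsPL`, and the hidden payload are all constructed inline for the demonstration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Chunk types defined by the PNG specification; anything else is a private or
# unknown chunk and deserves a look when the image arrives from a web page.
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB",
    b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"sPLT",
    b"hIST", b"tIME",
}

# Constructed stand-in for a hidden script; not a real RogueRaticate artifact.
HIDDEN_PAYLOAD = b"var next='https://tds.example/go'; /* constructed stand-in */"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: big-endian length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Structurally valid 1x1 white RGB PNG, used here as a clean carrier."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, RGB
    idat = zlib.compress(b"\x00\xff\xff\xff")            # filter byte + one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def build_png_with_private_chunk(payload: bytes, ctype: bytes = b"jsPL") -> bytes:
    """Carrier with the payload hidden in a private ancillary chunk before IDAT.
    Viewers ignore chunk types they do not recognise, so the image still renders."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"\x00\xff\xff\xff")
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(ctype, payload)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


def iter_chunks(data: bytes):
    """Yield (type, length, data_offset) for each chunk up to and including IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4          # header + data + CRC
        if end > len(data):
            raise ValueError("truncated chunk")
        yield ctype, length, pos + 8
        if ctype == b"IEND":
            return                          # stop: anything after this is not image data
        pos = end
    raise ValueError("no IEND chunk")


def trailing_payload(data: bytes) -> bytes:
    """Bytes appended after IEND: the crudest hiding place, empty on a clean image."""
    for ctype, length, offset in iter_chunks(data):
        if ctype == b"IEND":
            return data[offset + length + 4:]
    return b""  # not reached: iter_chunks raises when IEND is missing


def unknown_chunks(data: bytes) -> list:
    """(type, length) of every chunk that the PNG specification does not define."""
    return [(ctype, length) for ctype, length, _ in iter_chunks(data)
            if ctype not in KNOWN_CHUNKS]


def extract_chunk(data: bytes, ctype: bytes) -> bytes:
    """Raw data of the first chunk of the given type, to pull a hidden payload out."""
    for t, length, offset in iter_chunks(data):
        if t == ctype:
            return data[offset:offset + length]
    raise KeyError(ctype)


if __name__ == "__main__":
    clean = build_minimal_png()
    samples = {
        "clean": clean,
        "appended after IEND": clean + HIDDEN_PAYLOAD,
        "private chunk": build_png_with_private_chunk(HIDDEN_PAYLOAD),
    }
    for name, img in samples.items():
        print(f"{name}: trailing={len(trailing_payload(img))} bytes, "
              f"unknown chunks={unknown_chunks(img)}")
    print(extract_chunk(samples["private chunk"], b"jsPL").decode())
```

Both checks are cheap enough to run on every image fetched by a proxy or sandbox, but note what they miss: a payload hidden in the pixel data itself (for example in the low bits of IDAT after decompression) passes both, so they complement rather than replace inspection of the JavaScript that requests and decodes the image.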
Published on cybersecuritynews.com, Sat, 23 Dec 2023 08:50:34 +0000.