Trend Micro Flags Growing Wave of DarkGate Attacks Leveraged Through Breached Skype and Teams Profiles

Nolan Cavanaugh

16 Oct 2023


Researchers at Trend Micro have raised the alarm over an escalating misuse of compromised Skype accounts to deliver the DarkGate malware.

Trend Micro's report describes a series of incidents in which compromised Skype accounts were used to send a Visual Basic Script (VBS) loader as a chat attachment. The file carries a name that makes it look like a PDF document, but it is in reality a malicious VBS file.

Once the victim downloads and runs the disguised script, it fetches a second-stage AutoIt payload that carries the DarkGate malware.
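The following is an added example, not code from Trend Micro's report or from this article: a PowerShell check that flags attachment names built like the lure described above, where a Windows script extension hides behind a document-looking name, including the whitespace-padding variant. The sample file names are constructed for illustration, and the extension lists are an assumption of what a given environment should treat as executable.

```powershell
# Added example (not from the Trend Micro report): flag attachment names that look like
# a document but would execute as a Windows script. Sample names below are constructed.

$ScriptExtensions   = @('.vbs', '.vbe', '.js', '.jse', '.wsf', '.wsh', '.hta', '.ps1', '.bat', '.cmd')
$DocumentExtensions = @('.pdf', '.doc', '.docx', '.xls', '.xlsx', '.txt')

function Test-DisguisedScriptAttachment {
    param([Parameter(Mandatory)][string]$FileName)

    # The extension Windows actually honours is the last one.
    $realExt = [System.IO.Path]::GetExtension($FileName).ToLowerInvariant()
    if ($ScriptExtensions -notcontains $realExt) { return $null }

    # What is left once the real extension is removed, e.g. "Invoice.pdf" from "Invoice.pdf.vbs"
    $stem = [System.IO.Path]::GetFileNameWithoutExtension($FileName)

    # Whitespace padding pushes the real extension out of view in chat clients and file dialogs.
    $padded = $stem -match '\s{2,}$'

    # Inner extension after trimming the padding, compared against document types.
    $innerExt    = [System.IO.Path]::GetExtension($stem.TrimEnd()).ToLowerInvariant()
    $disguisedAs = if ($DocumentExtensions -contains $innerExt) { $innerExt } else { $null }
    $verdict     = if ($disguisedAs -or $padded) { 'BLOCK' } else { 'REVIEW' }

    [pscustomobject]@{
        FileName    = $FileName
        ScriptType  = $realExt
        DisguisedAs = $disguisedAs
        PaddedName  = $padded
        Verdict     = $verdict
    }
}

# Constructed sample names: two lures, one ordinary script, one real document.
$samples = @(
    'Invoice_Q3_2023.pdf.vbs',
    'Report.pdf                                   .vbs',
    'deploy-helper.vbs',
    'Invoice_Q3_2023.pdf'
)

$samples | ForEach-Object { Test-DisguisedScriptAttachment -FileName $_ } |
    Where-Object { $_ } | Format-Table -AutoSize
```

The first two samples come back as BLOCK (one for the double extension, one for the padding), the bare script is returned as REVIEW since nothing about its name is deceptive, and the genuine PDF produces no result at all. The same function can be pointed at a mail gateway's attachment log or a directory listing of downloaded chat files.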

How the Skype accounts were compromised remains unknown. The researchers hypothesize that the credentials came from leaks traded on underground forums or from a prior compromise of the account holder's organization.

In parallel, the attackers tried the same approach against Microsoft Teams, a key player in instant messaging and online collaboration. They targeted organizations whose Teams tenants were configured to accept messages from external users.
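As an added example, not part of the Trend Micro report or of this article: a PowerShell audit of the Teams tenant setting in question, followed by the tightened configuration. It assumes the MicrosoftTeams module and a Teams administrator sign-in, and uses 'partner.example' as a placeholder for a domain the organization genuinely wants to federate with.

```powershell
# Added example (not from the Trend Micro report): audit whether a Teams tenant accepts
# chat from external accounts, then restrict it. Assumes the MicrosoftTeams module and a
# Teams administrator account; 'partner.example' is a placeholder allow-listed domain.
Import-Module MicrosoftTeams
Connect-MicrosoftTeams | Out-Null

function Get-TeamsExternalAccessPosture {
    $fed = Get-CsTenantFederationConfiguration

    # AllowedDomains is either an explicit allow-list or the AllowAllKnownDomains marker object;
    # its string form names the marker, so match on that rather than on the .NET type.
    $allKnownDomains = ([string]$fed.AllowedDomains) -match 'AllowAllKnownDomains'

    [pscustomobject]@{
        FederationEnabled    = $fed.AllowFederatedUsers  # chat with other Teams / Skype for Business orgs
        OpenToAllDomains     = $allKnownDomains           # no allow-list: any external org can message in
        TeamsConsumerAllowed = $fed.AllowTeamsConsumer   # personal (consumer) Teams accounts
        SkypeConsumerAllowed = $fed.AllowPublicUsers     # consumer Skype accounts
    }
}

$posture = Get-TeamsExternalAccessPosture
$posture | Format-List

if ($posture.FederationEnabled -and $posture.OpenToAllDomains) {
    Write-Warning 'Any external domain can start a chat with your users: this is the configuration the DarkGate operators looked for.'
}

# Hardened configuration (review before running against a production tenant):
# federate only with an explicit allow-list, and block consumer accounts.
Set-CsTenantFederationConfiguration -AllowedDomainsAsAList @('partner.example')
Set-CsTenantFederationConfiguration -AllowTeamsConsumer $false -AllowPublicUsers $false
```

Switching to an allow-list rather than disabling federation outright keeps legitimate partner chat working while removing the open door; the consumer-account settings matter separately, since a personal Teams or Skype account needs no federated organization behind it.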

DarkGate is a malware-as-a-service (MaaS) offering with a broad feature set, including hidden VNC (hVNC), Windows Defender bypass, browser history theft, a built-in reverse proxy, a file manager, and a Discord token stealer. Since law enforcement dismantled the Qakbot botnet in August 2023, Trend Micro researchers have noted a sharp upswing in DarkGate usage.

The malware was first spotted in 2018, when it abused legitimate AutoIt files and ran mainly as a chain of AutoIt scripts. According to Malpedia, an updated version surfaced in May 2023 and was openly advertised on a Russian-language underground forum.

In conclusion, these DarkGate campaigns through compromised Skype and Teams accounts mark a worrying trend. The attackers are increasingly crafty, naming their files to blend into an existing chat thread and abusing trusted collaboration platforms and permissive external-access settings rather than relying on software flaws. The origin of the compromised accounts is still unknown, which complicates the response. The campaigns underscore the need for strong account security (multi-factor authentication and prompt credential resets after a suspected leak), restrictive external-messaging settings, and user awareness of malicious attachments. With digital communication and remote work now the norm, securing platforms like Skype and Microsoft Teams is not just desirable but essential.
