DarkGate Malware Being Spread Via Excel Docs Attached To Phishing Emails

Phishing Campaign Delivers Malware

A phishing campaign is spreading the DarkGate malware using new techniques to evade security filters, according to researchers at Cisco Talos.

“The DarkGate malware family is distinguished by its covert spreading techniques, ability to steal information, evasion strategies, and widespread impact on both individuals and organizations,” the researchers explain.

“Recently, DarkGate has been observed distributing malware through Microsoft Teams and even via malvertising campaigns. Notably, in the latest campaign, AutoHotKey scripting was employed instead of AutoIT, indicating the continuous evolution of DarkGate actors in altering the infection chain to evade detection.”

The malware is delivered via malicious Excel documents attached to phishing emails. The emails purport to come from a company’s CEO, and urge recipients to review the attached documents as soon as possible.

“Talos’ intent analysis of these emails revealed that the primary purpose of the emails primarily pertained to financial or official matters, compelling the recipient to take an action by opening the attached document,” the researchers write.

“The infection process begins when the malicious Excel document is opened. These files were specially crafted to utilize a technique, called ‘Remote Template Injection,’ to trigger the automatic download and execution of malicious contents hosted on a remote server.”

The researchers explain that Remote Template Injection is a less common tactic that is more likely to go undetected: the attached workbook itself carries only a reference to a template on a remote server, so the malicious content is fetched when the document is opened rather than shipped inside the attachment that email filters inspect.

“Remote Template Injection is an attack technique that exploits a legitimate Excel functionality wherein templates can be imported from external sources to expand a document’s functions and features,” Cisco Talos says.

“By exploiting the inherent trust users place in document files, this method skilfully evades security protocols that may not be as stringent for document templates compared to executable files. It represents a refined tactic for attackers to establish a presence within a system, sidestepping the need for conventional executable malware.”
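As an added illustration (not code from the Talos write-up or from this article), the Python script below shows the package-level check a defender can run on a suspicious Office attachment. An OOXML file is a zip archive, and the external references that Remote Template Injection relies on live in its `.rels` parts as relationships marked `TargetMode="External"`. The scanner walks every `.rels` part, flags targets that point off the machine (web URLs, UNC paths, `file:` URIs), and rates click-to-follow hyperlinks lower than relationships Office resolves on open. The sample workbook it builds, including the `example.com` hyperlink and the `203.0.113.10` UNC target, is constructed for this example and does not reproduce any DarkGate sample; real documents differ in which part carries the relationship, which is why every `.rels` part is scanned.

```python
"""Scan an OOXML (.xlsx/.docx) package for the external relationships that
remote template injection relies on.

Constructed example written for this article; it is not Cisco Talos or KnowBe4
code and reproduces no DarkGate sample. The package layout and targets below
(example.com, 203.0.113.10) are made up for illustration.
"""
from __future__ import annotations

import io
import re
import sys
import zipfile
import xml.etree.ElementTree as ET
from dataclasses import dataclass

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
REL_BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"

# Hyperlinks only fire when a user clicks, so a remote hyperlink target is
# ordinary and is reported at low severity. Anything else Office resolves on
# open (attachedTemplate, oleObject, externalLink, frame, ...) is rated high.
CLICK_ONLY_TYPES = {REL_BASE + "hyperlink"}

# Targets that leave the package and the host: web URLs, UNC paths, file: URIs.
REMOTE_TARGET = re.compile(r"^(?:https?://|ftp://|file:|\\\\)", re.IGNORECASE)


@dataclass
class Finding:
    part: str       # the .rels part that carries the relationship
    rel_type: str   # short relationship type, e.g. "oleObject"
    target: str
    severity: str   # "high", "info" or "malformed-rels"


def scan_ooxml(data: bytes) -> list[Finding]:
    """Walk every .rels part in the package and report external remote targets."""
    findings: list[Finding] = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".rels"):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                # A relationship part that will not parse is itself worth a look.
                findings.append(Finding(name, "", "", "malformed-rels"))
                continue
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                if rel.get("TargetMode", "Internal").lower() != "external":
                    continue
                target = rel.get("Target", "")
                if not REMOTE_TARGET.match(target):
                    continue
                rtype = rel.get("Type", "")
                severity = "info" if rtype in CLICK_ONLY_TYPES else "high"
                findings.append(Finding(name, rtype.rsplit("/", 1)[-1], target, severity))
    return findings


def has_remote_template(findings: list[Finding]) -> bool:
    """True when a relationship Office resolves on open points at a remote host."""
    return any(f.severity == "high" for f in findings)


def build_sample_workbook(remote_template: bool) -> bytes:
    """Constructed minimal .xlsx-shaped package (not a real sample).

    Always carries a benign external hyperlink; with remote_template=True it
    also carries an oleObject relationship to a UNC path, the kind of
    on-open external reference the scanner is meant to catch.
    """
    sheet_rels = [
        f'<Relationship Id="rId1" Type="{REL_BASE}hyperlink" '
        'Target="https://www.example.com/" TargetMode="External"/>',
    ]
    if remote_template:
        sheet_rels.append(
            f'<Relationship Id="rId2" Type="{REL_BASE}oleObject" '
            'Target="\\\\203.0.113.10\\share\\template.bin" TargetMode="External"/>'
        )
    parts = {
        "[Content_Types].xml": '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>',
        "_rels/.rels": f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
                       f'Type="{REL_BASE}officeDocument" Target="xl/workbook.xml"/></Relationships>',
        "xl/workbook.xml": '<workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"/>',
        "xl/_rels/workbook.xml.rels": f'<Relationships xmlns="{RELS_NS}"><Relationship Id="rId1" '
                                      f'Type="{REL_BASE}worksheet" Target="worksheets/sheet1.xml"/></Relationships>',
        "xl/worksheets/sheet1.xml": '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"/>',
        "xl/worksheets/_rels/sheet1.xml.rels": f'<Relationships xmlns="{RELS_NS}">{"".join(sheet_rels)}</Relationships>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, xml in parts.items():
            zf.writestr(name, xml)
    return buf.getvalue()


if __name__ == "__main__":
    # Pass a real .xlsx/.docx path to scan it; with no argument, scan the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_workbook(True)
    for f in scan_ooxml(data):
        print(f"[{f.severity}] {f.part}: {f.rel_type} -> {f.target}")
```

Run with no arguments to see the constructed sample flagged, or point it at a quarantined attachment. A `high` finding means the document will reach out to another host the moment it is opened, which is the behaviour the Talos researchers describe; it does not by itself say what the remote content is, so the next step is to retrieve and analyse the target in a sandbox rather than on the recipient's machine.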


Cisco Talos has the story.
