Samba file shares leveraged to facilitate DarkGate malware delivery.
Europe and portions of Asia have been subjected to an attack campaign distributing the DarkGate malware-as-a-service payload through the exploitation of Samba file shares.
According to The Hacker News, malicious Microsoft Excel files have been used by threat actors to facilitate the execution of a Samba file share-hosted VBS code, which enables the retrieval of a PowerShell script and other files, analysis from Palo Alto Networks Unit 42 revealed.
The PowerShell script triggers another PowerShell script that enables the installation of an AutoHotKey package for DarkGate before eventually deploying the malware, which proceeds with security software scanning and CPU data monitoring before conducting data exfiltration to a connected command-and-control server.
Researchers said: "As DarkGate continues to evolve and refine its methods of infiltration and resistance to analysis, it remains a potent reminder of the need for robust and proactive cybersecurity defenses.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
