October 23, 2023
2 mins read

Vietnam-based hackers target India, US, UK

DarkGate is a Remote Access Trojan (RAT) that first emerged in cyberspace in 2018. It is usually offered as a Malware-as-a-Service tool to cybercriminals…reports Asian Lite News

Vietnam-based cybercrime groups are targeting digital marketing firms based in India, the US and the UK by hijacking Facebook business accounts in a malicious campaign, a new report has found.

According to the cybersecurity company WithSecure, the popular malware ‘Darkgate’ has been combined with a Malware as a Service (MaaS) toolkit to infect victims with rival remote access trojans (RATs) and additional information-stealing malware like Ducktail, Lobshot, and Redline.

Multiple infection attempts with DarkGate malware were identified by researchers, targeting these countries on August 4. The lure documents, target patterns, themes, delivery methods, and overall attack tactics are similar to those seen in recent DuckTail infostealer campaigns, the report said.

DarkGate is a Remote Access Trojan (RAT) that first emerged in cyberspace in 2018. It is usually offered as a Malware-as-a-Service tool to cybercriminals.

The researchers examined open-source data associated with the DarkGate malware campaign and discovered connections to multiple infostealers. This pattern indicates that these attacks are being carried out by the same group or threat actor.

“By identifying characteristics of DarkGate malware lures and campaigns, we have been able to find multiple pivot points which lead to other information stealers and malware being used in very similar if not identical campaigns, and it is assessed as likely that the same threat actor group performs these campaigns,” the researchers said.

According to the report, the attack began with a file called ‘Salary and new products.8.4.zip.’ When unwitting users downloaded and extracted it, a VBS script was activated.

This script renamed and duplicated the original Windows binary (Curl.exe) to a new location before connecting to an external server to retrieve two additional files: autoit3.exe and an Autoit3 script compiled.

Following that, the script executed the executable, de-obfuscated, and assembled the DarkGate RAT with the help of strings from the script.

“Based on what we’ve observed, it is very likely that a single actor is behind several of the campaigns we’ve been tracking that target Meta Business accounts,” said senior threat intelligence analyst Stephen Robinson.

After gaining control of an account, the attackers can engage in a variety of malicious activities such as malware distribution and fraud, the report warned.

ALSO READ-India-US 2+2 meeting to be held in Nov second week

Previous Story

X lost over half a billion user visits last month

Next Story

Cyclone Tej Intensifies into Extremely Severe Cyclonic Storm

Latest from -Top News

Europe Seeks Peace in Gaza

European countries condemn Israeli interception of Gaza-bound flotilla, demand safety of citizens…reports Asian Lite News Israel’s interception of an international flotilla carrying humanitarian aid to Gaza has sparked condemnation across Europe, with

GAZA: Egypt to Host Peace Talks

Egypt hopes the discussions will help “end the war and the suffering of the brotherly Palestinian people, which has continued for two consecutive years…reports Asian Lite News Egypt will host Israeli and

‘My Injuries Made Me’

During his four-year battle with injury, the incumbent fast bowling spearhead made occasional appearances but couldn’t bear the workload and demands of red-ball cricket….reports Asian Lite News England tearaway Jofra Archer believes

Hegseth Cuts Deep

US Defense Secretary Hegseth abruptly fired Navy Chief Jon Harrison in a major Pentagon shake-up….reports Asian Lite News US Defense Secretary Pete Hegseth abruptly dismissed Jon Harrison, the Navy Chief of Staff,

Japan Set for First Female PM

Takaichi, 64, defeated Agriculture Minister Shinjiro Koizumi in a closely contested runoff vote, succeeding Prime Minister Shigeru Ishiba as party leader….reports Asian Lite News Former Internal Affairs Minister Sanae Takaichi has won
Go toTop

Don't Miss

China’s Defence Minister to attend SCO meet in India

Following the 2020 Galwan Valley clashes, this is the first

Misguided Protests at Rutgers Threaten to Undermine Progress in Kashmir

The demand to display a separatist Kashmiri flag is not