News

Kaspersky’s New Discoveries: DarkGate Malware Unique Encryption, Emotet is Back and LokiBot Remains

TIME.CO, Jakarta – Last report Kaspersky discover complex infection tactics of a certain type malware DarkGate, Emotets and LokiBots. Between DarkGate’s unique encryption and the return of the mighty Emotet, the LokiBot exploit persists.

“The rise of Emotet and the continued presence of Lokibot and the rise of DarkGate serve as a stark reminder of the evolving cyberthreats we still face. As this type of malware adapts and adopts new methods of infection, it is imperative that individuals and businesses remain vigilant and invest in superior cybersecurity solutions,” said Jornt van der Wiel, senior security researcher in the Global Research and Analytics Team by Kaspersky, in a statement on Wednesday, August 16, 2023.

“Kaspersky’s continued research and detection of DarkGate, Emotet and Lokibot underscores the importance of proactive action to protect against evolving cyberthreats,” he added.

In June 2023, Kaspersky researchers discovered a new loader called DarkGate that offers a number of features beyond the normal downloader functionality. Some notable features include hidden VNC, Windows Defender exclusions, browser history theft, reverse proxy, file management, and Discord token theft.

Operation DarkGate involves a series of four phases, intricately designed to lead to the loading of DarkGate itself. What makes this loader different is its unique way of encrypting strings with a custom key and custom version of Base64 encoding, using a special character set.

In addition, Kaspersky’s research examined the activity of Emotet, a well-known botnet that made a comeback after being taken down in 2021. In this latest campaign, users who unknowingly opened a malicious OneNote file triggered a hidden execution and obfuscated of VBScript. The script then tries to download malicious payloads from various websites until it manages to infiltrate the system. Once logged in, Emotet installs the DLL into a temporary directory, then runs it.

Announcement

This DLL contains hidden instructions, or shell code, along with encrypted import functions. With the ability to decrypt certain files from its quota of resources, Emotet excels, eventually executing its malicious payload.

Finally, Kaspersky has detected a phishing campaign targeting cargo ship companies. It is an infostealer first identified in 2016 and is designed to steal credentials from various applications, including browsers and FTP clients.

This email contains an attached Excel document encouraging users to enable macros. The attackers exploit a known vulnerability (CVE-2017-0199) in Microsoft Office, which leads to the download of RTF documents. This RTF document therefore exploits another vulnerability (CVE-2017-11882) to deliver and execute the LokiBot malware.

Always update latest information. Listen latest news and selected news from Tempo.co on the Telegram channel “Tempo.co Update”. Click https://t.me/tempodotcoupdate stick. you have toto install First the Telegram app.



Quoted From Many Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button