Three Emerging Threats in the Malware Landscape


As the malware landscape evolves, vigilance and proactive cybersecurity measures are important for organisations to protect their systems and data from ever-changing threats.

In recent monitoring efforts, cybersecurity researchers at Kaspersky have identified three significant emerging threats: a new loader called ‘DarkGate’, a new LokiBot info-stealer campaign, and a new sample of the resurgent Emotet.

DarkGate

According to Kaspersky, this malware loader was created by a well-known developer. In June 2023, the developer announced on a dark web forum that they had been working on it for more than 20,000 hours since 2017, and that its new features went beyond the typical functionality of a downloader.

The new features included a hidden VNC, Windows Defender exclusion, browser history stealing, a reverse proxy, a file manager, and a Discord token stealer. DarkGate’s infection chain consists of four stages, leading to the loading of the final payload, DarkGate itself.

The loader exhibits sophisticated encryption techniques, with each string encrypted using a unique key and custom Base64 encoding. The core functionality of the malware is managed through global variables, organised in a Delphi TStringList.

LokiBot

This info-stealer has been active since 2016 and remains a threat to this day. It is designed to glean information from applications like browsers.

Recently, the info-stealer was detected in a phishing campaign that targeted a cargo ship company. The attackers sent an email appearing to contain a business contract; the attached Excel document then displayed a notification asking the user to enable macros. The notification was a decoy: the document instead exploited the CVE-2017-0199 and CVE-2017-11882 vulnerabilities to download and execute LokiBot.

Once active, LokiBot steals credentials from various applications and sends them to a command-and-control server, where attackers can issue additional commands, such as downloading more malware or running a keylogger.

Emotet

After being taken down in 2021, Emotet resurfaced with new attack methods in a recent wave of attacks. The latest one involves malicious OneNote files sent via emails where…

Source…