1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Hacked Skype accounts are being used to spread malware

    From TechnologyDaily@1337:1/100 to All on Mon Oct 16 20:15:04 2023
    Hacked Skype accounts are being used to spread malware

    Date:
    Mon, 16 Oct 2023 20:10:38 +0000

    Description:
    No one knows how the Skype accounts were hacked, but they're being used to drop DarkGate malware.

    FULL STORY ======================================================================

    Hackers are reportedly abusing compromised Skype accounts in an attempt to distribute the DarkGate malware .

    In a new report , Trend Micro researchers claimed multiple Skype accounts had been compromised and then used to share a VBA loader script attachment. The scripts file name was modified in such a way to have victims believe its a .PDF file, even though it was a .VBS one.

    Downloading and running the script downloads a second-stage AutoIT payload which contains the malicious DarkGate malware code. Targeting Teams, too

    "Access to the victim's Skype account allowed the actor to hijack an existing messaging thread and craft the naming convention of the files to relate to
    the context of the chat history," Trend Micro said, further adding that it wasnt sure how the Skype accounts were compromised to begin with.

    "It's unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization."

    Besides Skype, the hackers also tried the same with Microsoft Teams, the companys other instant messaging and online collaboration platform. In this case, they targeted organizations whose Teams configurations allowed messages coming in from external users.

    DarkGate is a malware-as-a-service (MaaS), with a wide variety of features such as a concealed VNC, capabilities to bypass Windows Defender, a browser history theft tool, an integrated reverse proxy, a file manager, and a
    Discord token stealer. Ever since law enforcement agencies took down Quakbot this summer, there has been an uptick in the use of DarkGate, the researchers added.

    The malware was first reported in 2018, as using legitimate AutoIT files and mostly running multiple AutoIT scripts. According to Malpedia, a new version was released in May this year, and advertised on a Russian dark web forum.

    Via BleepingComputer More from TechRadar Pro Microsoft patches zero-day
    flaws in Teams, Edge and Skype Here's a list of the best firewalls today
    These are the best malware removal tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hacked-skype-accounts-are-being-used-to -spread-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)