DarkGate malware campaign exploits a new MS Windows bug

April 5, 2024

The operators of the notorious DarkGate malware allegedly ran a cybercriminal campaign last January that relied on exploiting a Microsoft Windows vulnerability.

According to reports, the exploited flaw was a zero-day, abused to reach unsuspecting users through deceptive software installers, adding to the threats that have emerged in the digital landscape this year.


The DarkGate malware campaign leverages PDFs to execute its bug abuse tactic.


According to investigations, the modus operandi of the new DarkGate malware campaign involved using PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects.

These redirects lead users to compromised websites hosting fake installers that exploit the Microsoft Windows SmartScreen bypass vulnerability (CVE-2024-21412). The fake installers pose as trusted software such as Apple iTunes, Notion, and NVIDIA to trick users into unknowingly downloading the DarkGate malware onto their systems.

The Water Hydra group had previously exploited the same flaw when targeting financial traders with the DarkMe malware. This detail shows how threat actors adapt, adopting new tactics such as vulnerability exploitation to run their campaigns.

The threat has intensified with the proliferation of phoney software installers. Recent research uncovered instances where hackers used fake PDF files and seemingly legitimate websites to distribute fake installers for Adobe Reader, Notion, and Synaptics.

These installers became the delivery vector for information stealers such as LummaC2 and the XRed backdoor. These attacks illustrate the diverse tactics cyber adversaries use to breach targeted systems and compromise sensitive data. Researchers also noted a similar tactic employed by the developers of the QBot malware, who baited users into downloading a QBot variant that posed as an installer for an Adobe product.

These developments in the cybercrime scene should urge users and organisations to prioritise the application of security patches to protect their systems against known vulnerabilities.

Furthermore, users should be cautious when downloading software installers from unknown sources or via links attached to emails, to avoid malware infection. Organisations should also track the Indicators of Compromise (IOCs) associated with such campaigns so that threats can be blocked at their inception.
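The infection chain described earlier (PDF, then a Google DoubleClick open redirect, then a compromised site serving a fake iTunes, Notion or NVIDIA installer) and the IOC advice above can both be checked against web-proxy logs. The following Python script is an added example written for this article; it is not code from the original post or from any vendor named in it. The log line format, the `adurl` destination parameter, the vendor domains, and the `placeholder-compromised-site.example` IOC are all assumptions or constructed values made for the example.

```python
"""Added example (not from the original article): scan constructed proxy log lines
for a DoubleClick open redirect whose destination is a non-Google host, a visit to a
known-bad (IOC) host, and a download whose file name imitates a trusted installer but
is served from a host that is not the vendor's. Formats and names are assumptions."""
import re
from urllib.parse import parse_qs, unquote, urlparse

# Assumption: hosts from which a DoubleClick redirect is served.
REDIRECTOR_SUFFIXES = ("doubleclick.net", "googleadservices.com")
# Assumption: query parameters that may carry the redirect destination.
DEST_PARAMS = ("adurl", "url", "redirect", "dest")
# Destinations that are legitimate for a Google ad redirect and are not flagged.
BENIGN_DEST_SUFFIXES = ("google.com",) + REDIRECTOR_SUFFIXES

# Brands the article says the fake installers imitate, mapped to assumed vendor domains.
TRUSTED_INSTALLERS = {
    "itunes": ("apple.com",),
    "notion": ("notion.so", "notion.com"),
    "nvidia": ("nvidia.com",),
}

# Placeholder IOC host, not a real indicator from the campaign.
IOC_HOSTS = {"placeholder-compromised-site.example"}

# Constructed log format: "<timestamp> <client-ip> <method> <url> <status>".
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def _host_matches(host, suffixes):
    """True if host equals one of the suffixes or is a subdomain of one."""
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in suffixes)


def suspicious_redirect_target(url):
    """Return the destination host if url is a DoubleClick-style redirect that sends
    the browser to a non-Google host; otherwise None."""
    parsed = urlparse(url)
    if not _host_matches(parsed.hostname or "", REDIRECTOR_SUFFIXES):
        return None
    params = parse_qs(parsed.query)
    dest = next((params[n][0] for n in DEST_PARAMS if n in params), None)
    # Assumption: some redirectors carry the bare destination URL as the whole query.
    if dest is None and unquote(parsed.query).lower().startswith("http"):
        dest = unquote(parsed.query)
    if dest is None:
        return None
    dest_host = (urlparse(dest).hostname or "").lower()
    if not dest_host or _host_matches(dest_host, BENIGN_DEST_SUFFIXES):
        return None
    return dest_host


def impersonated_installer(url):
    """Return the imitated brand if the URL's file name looks like a trusted installer
    but the serving host is not the vendor's domain; otherwise None."""
    parsed = urlparse(url)
    filename = parsed.path.rsplit("/", 1)[-1].lower()
    if not filename.endswith((".exe", ".msi")):
        return None
    for brand, vendor_domains in TRUSTED_INSTALLERS.items():
        if brand in filename and not _host_matches(parsed.hostname or "", vendor_domains):
            return brand
    return None


def analyse_log(lines):
    """Return (client, finding, detail) tuples for every line that trips one of the
    three checks; lines that do not fit the log format are skipped."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        src, url = m["src"], m["url"]
        host = (urlparse(url).hostname or "").lower()
        if host in IOC_HOSTS:
            findings.append((src, "ioc_host", host))
        dest_host = suspicious_redirect_target(url)
        if dest_host:
            findings.append((src, "open_redirect", dest_host))
        brand = impersonated_installer(url)
        if brand:
            findings.append((src, "fake_installer", brand))
    return findings


# Constructed sample log: one client follows the redirect chain and downloads a fake
# Notion installer; another follows an ad redirect whose destination stays on Google.
SAMPLE_LOG = [
    "2024-01-15T10:01:02Z 10.0.0.5 GET https://www.google.com/search?q=notion+download 200",
    "2024-01-15T10:01:09Z 10.0.0.5 GET https://ad.doubleclick.net/ddm/clk/12345;67890"
    "?adurl=https%3A%2F%2Fplaceholder-compromised-site.example%2Flanding 302",
    "2024-01-15T10:01:10Z 10.0.0.5 GET https://placeholder-compromised-site.example/landing 200",
    "2024-01-15T10:01:20Z 10.0.0.5 GET https://placeholder-compromised-site.example/files/Notion-Setup.exe 200",
    "2024-01-15T10:05:00Z 10.0.0.9 GET https://www.notion.so/desktop 200",
    "2024-01-15T10:05:04Z 10.0.0.9 GET https://ad.doubleclick.net/ddm/clk/111;222"
    "?adurl=https%3A%2F%2Fwww.google.com%2F 302",
]

if __name__ == "__main__":
    for client, finding, detail in analyse_log(SAMPLE_LOG):
        print(f"{client}\t{finding}\t{detail}")
```

On the constructed sample, client 10.0.0.5 produces an open-redirect finding, two IOC-host hits and a fake-installer hit, while client 10.0.0.9 produces nothing because its redirect lands on google.com and its Notion page is on the vendor's own domain. The redirect check is the most reusable piece: it flags the open-redirect hop regardless of which landing site the campaign rotates to, so it keeps working after the IOC list goes stale.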

As the online landscape grows more dangerous, remaining proactive and informed about such threats is crucial to mitigating the risks posed by campaigns like DarkGate's.
