In the last month, the Netskope Threat Labs team noticed a big increase in malware being spread through SharePoint. This happened because some cyber attackers used Microsoft Teams and SharePoint to trick people into downloading the malware, called DarkGate.
DarkGate is a malware that was first found in 2018. It has been used in many attacks recently.
People like using DarkGate because it can do a lot of harmful things like taking control of a computer, recording what you type, stealing information, and even downloading more bad software. DarkGate can also be used to start even bigger attacks, like locking up your files and asking for money to unlock them.
Recently, Netskope found a new version of DarkGate being spread using a special file called MSI. They used a method similar to something called Cobalt Strike Beacon to make it work.
Let’s take a closer look at how MSI will infect your system
The infection process begins with a deceptive email that pretends to be an invoice. This email carries a PDF document, which, when opened, reveals a template resembling a DocuSign document. This is designed to trick the user into thinking they need to review a document.
When the user clicks on the document, it triggers the execu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
When the user clicks on the document, it triggers the execu
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: