In IT, few things are more daunting than a new cyber threat, and today we look at a newly reported plot to steal sensitive data. According to analysts, legitimate advertising tools are now being used as cover for illicit campaigns, enabling cybercriminals to track victims and refine their malware attacks.

The DarkGate consortium

The latest disclosure from Hewlett Packard's threat insights, unveiled on February 15th, exposes DarkGate, a consortium of web-based criminals employing legitimate advertising networks to bolster their spam-based malware attacks.

HP's threat research team, HP Wolf Security, has been diligently tracking DarkGate's activities, noting a significant shift in tactics last year.

Having operated primarily as a malware provider since 2018, DarkGate has now integrated legitimate advertising networks into its modus operandi.

By leveraging these networks, threat actors can gauge the effectiveness of their lures, identifying which tactics yield the highest click-through rates and therefore infect the most users.

DarkGate initiates its attacks with a meticulously crafted email phishing campaign, enticing victims to click on malicious PDF files. However, instead of directing victims straight to the payload upon clicking, DarkGate redirects them to a legitimate online ad network first.

This strategic manoeuvre serves multiple purposes, including evading detection and collecting analytics on user engagement.

Moreover, by utilizing ad networks as proxies, DarkGate piggybacks on the platforms' own security measures, such as CAPTCHA verification, which further obscures its malicious activity from automated scanners.

This tactic not only enhances the credibility of the lure but also poses challenges for automated malware analysis systems, potentially enabling DarkGate to evade detection more effectively.
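The redirect chain described above is also a detection opportunity on the network side. As an added example (not code from the page or from HP Wolf Security), the following script scans constructed proxy-log lines for a PDF fetch followed, within minutes, by a request to an ad-network host and then by a download of an executable; the log format, all host names and the ad-host list are assumptions.

```python
# Added example (not the page's or HP Wolf Security's code): flag the lure chain
# described above in proxy logs. Log format, hosts and ad-host list are assumed;
# constructed line format is "<iso-timestamp> <client-ip> <method> <url>".
import re
from collections import defaultdict
from datetime import datetime, timedelta

AD_NETWORK_HOSTS = {"ads.adnet-example.test", "click.tracker-example.test"}  # assumed feed
PDF_RE = re.compile(r"\.pdf(?:\?|$)", re.I)
PAYLOAD_RE = re.compile(r"\.(?:exe|msi|js|vbs|ps1|zip|jar)(?:\?|$)", re.I)
WINDOW = timedelta(minutes=10)           # chain must complete within this window
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+)$")

def host_of(url):
    m = re.match(r"https?://([^/:]+)", url, re.I)
    return m.group(1).lower() if m else ""

def parse(lines):
    # Group requests by client in time order; malformed lines are skipped.
    by_client = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["ts"] = datetime.fromisoformat(r["ts"])
            by_client[r["client"]].append(r)
    return {c: sorted(v, key=lambda r: r["ts"]) for c, v in by_client.items()}

def find_chains(lines):
    """Return (client, pdf_url, ad_url, payload_url) per PDF -> ad host -> payload chain."""
    hits = []
    for client, reqs in parse(lines).items():
        for i, r in enumerate(reqs):
            if not PDF_RE.search(r["url"]):
                continue
            ad = None
            for later in reqs[i + 1:]:
                if later["ts"] - r["ts"] > WINDOW:
                    break
                if ad is None and host_of(later["url"]) in AD_NETWORK_HOSTS:
                    ad = later           # first hop: the legitimate ad/tracking network
                elif ad is not None and PAYLOAD_RE.search(later["url"]):
                    hits.append((client, r["url"], ad["url"], later["url"]))
                    break
    return hits

# Constructed sample: 10.0.0.5 completes the chain, 10.0.0.9 stops at the ad hop.
SAMPLE_LOG = [
    "2024-02-15T09:00:01 10.0.0.5 GET https://mail.corp-example.test/att/invoice.pdf",
    "2024-02-15T09:00:40 10.0.0.5 GET https://click.tracker-example.test/c?id=42",
    "2024-02-15T09:00:41 10.0.0.5 GET https://cdn.lure-example.test/OneDriveFix.msi",
    "2024-02-15T09:05:00 10.0.0.9 GET https://mail.corp-example.test/att/report.pdf",
    "2024-02-15T09:06:00 10.0.0.9 GET https://ads.adnet-example.test/banner?slot=1",
]
```

Run `find_chains(SAMPLE_LOG)` to see the single flagged chain; a real deployment would key the ad-host set to a curated feed and tune `WINDOW` to the observed dwell time.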

Interestingly, DarkGate’s services appear to be tailored to an exclusive clientele, with subscriptions costing thousands of dollars. This suggests that the group’s tools are designed for elite cybercriminals rather than amateurs. By limiting the number of active subscribers to its malware service, DarkGate ensures a level of vetting, indicating a higher degree of sophistication among its user base.

The Cyber Threat Aftermath

Despite efforts to educate employees on phishing awareness, DarkGate’s persuasive social engineering lures continue to deceive even well-trained individuals.

By mimicking error messages from popular cloud services like OneDrive, DarkGate capitalizes on familiarity to lower suspicion and increase the likelihood of successful infiltration.

According to Alex Holland, senior malware analyst at HP Wolf Security, cybercriminals' evolving tactics underscore the importance of remaining vigilant. As cyber threats continue to evolve, organizations must adapt their security measures accordingly, staying one step ahead of malicious actors.

In conclusion, DarkGate’s exploitation of legal advertising tools represents a concerning development in cybercrime, highlighting the need for robust cyber security measures and ongoing vigilance in the face of evolving threats.

We hope you’ve liked this blog and that you’ll stick around to see our future releases, covering everything from recent IT News to Knowledgebase articles. Thanks for reading!