In a new report, Kaspersky reveals the infection methods of the DarkGate, Emotet and LokiBot malware families. DarkGate's unique encryption, Emotet's dynamic resurgence and LokiBot's use of exploits demonstrate the ever-evolving cyber threat landscape.
In June 2023, Kaspersky researchers discovered a new loader named DarkGate, which has a number of features that go beyond the standard functionality of a downloader. Notable features include hidden VNC, Windows Defender bypass, browser history theft, reverse proxy, file management and Discord token theft.
DarkGate's operation is a four-stage process, each stage being a specially configured component, that culminates in loading the DarkGate program itself. The program uses a unique encryption scheme based on private keys, together with a custom version of Base64 encoding that relies on a special character set.
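As an added illustration of the last point (this is not code from Kaspersky's report, and the alphabet below is a constructed rotation, not DarkGate's real character set or key scheme): decoding Base64 that uses a custom alphabet reduces to translating each character back into the standard alphabet and then running an ordinary decoder. The `recover_alphabet` helper shows how an analyst can rebuild that translation table from a known plaintext/ciphertext pair, which is the usual starting point when a sample's encoding tables are not yet known.

```python
import base64
import string

STD_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Constructed example alphabet for the demonstration only: the standard
# alphabet rotated by 13 positions. A real sample would use its own table.
CUSTOM_ALPHABET = STD_ALPHABET[13:] + STD_ALPHABET[:13]


def custom_b64encode(data, alphabet, pad="="):
    """Standard Base64, then map every output character into the custom alphabet."""
    std = base64.b64encode(data).decode("ascii")
    table = str.maketrans(STD_ALPHABET + "=", alphabet + pad)
    return std.translate(table)


def custom_b64decode(text, alphabet, pad="="):
    """Map custom-alphabet characters back to the standard alphabet and decode."""
    if len(alphabet) != 64 or len(set(alphabet)) != 64:
        raise ValueError("alphabet must contain 64 distinct characters")
    table = str.maketrans(alphabet + pad, STD_ALPHABET + "=")
    std = text.translate(table)
    std += "=" * (-len(std) % 4)  # samples often strip padding; restore it
    # validate=True rejects characters outside the (translated) alphabet
    return base64.b64decode(std, validate=True)


def recover_alphabet(encoded, known_plaintext):
    """Given an encoded blob and its known plaintext, map custom -> standard chars.

    Only characters that actually occur in the sample are recovered; analysts
    merge mappings from several known pairs until all 64 are known.
    """
    std = base64.b64encode(known_plaintext).decode("ascii")
    if len(std) != len(encoded):
        raise ValueError("length mismatch: plaintext does not match ciphertext")
    mapping = {}
    for custom_ch, std_ch in zip(encoded, std):
        if std_ch == "=":
            continue  # padding carries no alphabet information
        if mapping.setdefault(custom_ch, std_ch) != std_ch:
            raise ValueError("inconsistent mapping for %r" % custom_ch)
    return mapping


if __name__ == "__main__":
    blob = custom_b64encode(b"hello", CUSTOM_ALPHABET)
    print(blob, custom_b64decode(blob, CUSTOM_ALPHABET))
    print(recover_alphabet(blob, b"hello"))
```

Because the translation table is a one-to-one character substitution, the same approach works whatever alphabet a loader picks; only the table changes. Recovering the table from a known pair also tells you which characters the sample still has not exercised, so you know when more samples are needed.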
In addition, Kaspersky's research analyzes one of the functions of Emotet, the notorious botnet that resurfaced after being taken down in 2021. In the current version of Emotet, when users open an infected OneNote file they unwittingly trigger a hidden VBScript. The VBScript then tries to download malicious material from various websites in order to gain full access to the system. Once that succeeds, Emotet installs a DLL in the temporary directory and executes it. This DLL contains hidden instructions (shellcode) along with encrypted import functions. By decrypting a specific file, Emotet takes control of the system and runs the malware.
Finally, Kaspersky spotted a phishing campaign that targeted shipping companies with LokiBot. LokiBot is an infostealer first detected in 2016, designed to steal data from various applications such as browsers and FTP clients. The emails carried an attached Excel document which prompted users to enable macros. The attackers exploited a known vulnerability in Microsoft Office (CVE-2017-0199) that leads to the download of an RTF document. This RTF document then exploits another vulnerability (CVE-2017-11882), leading to the execution of the LokiBot malware.
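Both infection chains above (Emotet's OneNote file launching a VBScript and dropping a DLL in the temporary directory, and LokiBot's Excel macro lure followed by the CVE-2017-0199 / CVE-2017-11882 exploits) leave parent/child process relationships that endpoint telemetry can flag. The following is an added example, not code from Kaspersky or the report, that runs three such rules over constructed Sysmon-style process-creation events. The process names, paths and PIDs are made up for the demonstration; the only fact taken from outside the text is that CVE-2017-11882 lives in the Office Equation Editor component, `eqnedt32.exe`.

```python
import json
import re

# Office applications that should rarely launch script hosts or LOLBins.
OFFICE_APPS = {"onenote.exe", "excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}
# Equation Editor: the component exploited by CVE-2017-11882. It is started via
# DCOM, so its own parent is usually svchost.exe, not Excel; key on it as a parent.
EQUATION_EDITOR = "eqnedt32.exe"
# A DLL being loaded from any ...\Temp\ directory (Emotet's DLL stage).
TEMP_DLL = re.compile(r"\\temp\\[^\s\"]*\.dll", re.IGNORECASE)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event):
    """Return the names of every rule an event matches (possibly none)."""
    parent = basename(event.get("parent_image", ""))
    child = basename(event.get("image", ""))
    cmdline = event.get("cmdline", "")
    hits = []
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        hits.append("office_app_spawned_script_host")
    if parent == EQUATION_EDITOR:
        hits.append("equation_editor_spawned_child")
    if child in {"rundll32.exe", "regsvr32.exe"} and TEMP_DLL.search(cmdline):
        hits.append("dll_loaded_from_temp")
    return hits


def detect(lines):
    """Run the rules over JSON event lines; unparseable lines are skipped."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        for rule in classify(event):
            alerts.append((event.get("pid"), rule))
    return alerts


# Constructed sample telemetry (not real data). Paths and PIDs are invented.
SAMPLE_EVENTS = [
    # Emotet-style: OneNote launches the embedded VBScript
    {"pid": 4120, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE",
     "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe "C:\Users\u\AppData\Local\Temp\OneNote\16.0\Exported\open.vbs"'},
    # LokiBot-style macro lure: Excel spawns a command shell
    {"pid": 5208, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c "C:\Users\u\AppData\Local\Temp\stage.bat"'},
    # CVE-2017-11882 post-exploitation: Equation Editor spawns a child process
    {"pid": 5300, "parent_image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c placeholder"},
    # Emotet-style DLL stage executed from the temporary directory
    {"pid": 5412, "parent_image": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\u\AppData\Local\Temp\abcd.dll,Control_RunDLL"},
    # Benign: a user opens Excel, and Excel prints a document
    {"pid": 3300, "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE", "cmdline": "EXCEL.EXE"},
    {"pid": 3350, "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
     "image": r"C:\Windows\splwow64.exe", "cmdline": "splwow64.exe 12288"},
]
SAMPLE_LINES = [json.dumps(e) for e in SAMPLE_EVENTS] + ["not json"]

if __name__ == "__main__":
    for pid, rule in detect(SAMPLE_LINES):
        print(pid, rule)
```

The rules deliberately look at relationships (which process launched which) rather than at file hashes, so they keep working when the lure document or the dropped DLL changes. The benign Excel events produce no alert, which is the sanity check worth keeping when tuning the `OFFICE_APPS` and `SCRIPT_HOSTS` sets for a particular environment.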
“The reappearance of Emotet, the constant presence of LokiBot, as well as the emergence of DarkGate are a reminder of evolving cyber threats. These types of malware adapt and can adopt new methods. Therefore, it is vital for individuals and businesses to remain vigilant by investing in strong cybersecurity solutions. Kaspersky's ongoing research and the detection of DarkGate, Emotet and LokiBot highlight the importance of proactive measures to protect against evolving cyber threats,” comments Jornt van der Wiel, senior security researcher in Kaspersky's Global Research and Analysis Team (GReAT).
Learn more about the new infection methods on Securelist.
To protect yourself and your business from ransomware attacks, Kaspersky suggests the following:
- Always keep the software on all the devices you use up to date, to prevent attackers from exploiting vulnerabilities and penetrating your network.
- Focus your defense strategy on detecting lateral movement and data exfiltration to the Internet. Pay close attention to outbound traffic to detect attackers' connections to your network. Create offline backups that attackers cannot tamper with, and make sure you can access them quickly when needed or in an emergency.
- Enable ransomware protection on all endpoints. The free Kaspersky Anti-Ransomware Tool for Business protects computers and servers from ransomware and other types of malware; it also prevents exploits and is compatible with already installed security solutions.
- Install anti-APT and EDR solutions, which provide capabilities for advanced threat detection, investigation and early incident response.
- Give your SOC team access to the latest Threat Intelligence (TI). Kaspersky Threat Intelligence Portal is a single point of access to Kaspersky's TI, providing data and insights about cyberattacks collected by its team over the past 20 years. To help businesses defend themselves effectively in these turbulent times, Kaspersky announced that it is providing free access to independent, continuously updated information about current cyberattacks and threats from around the world. Request access to this offer here.