
Threat actors are hacking Skype and Microsoft Teams accounts to spread malware to organizations, according to Trend Micro.

In a report published on Oct. 12, Trend Micro highlighted one instance where a threat actor hijacked a messaging thread on Skype and, taking advantage of the context of the messages, sent a malicious payload disguised as a contract.

The malware these attacks are spreading, DarkGate, boasts a range of capabilities, including executing discovery commands, self-updating, deploying remote access tools, enabling cryptocurrency mining, keylogging, stealing browser data, and escalating privileges.

Trend Micro’s report shows threat actors try to pass off malicious payloads as PDF or zip files. Besides Skype, Microsoft Teams users are vulnerable, too, especially when engaging with messages from external senders. In one attack, threat actors sent a malicious payload in a spam message to an organization.

DarkGate Attacks

DarkGate first appeared on the radar of security agencies in 2017, but it has not been active in recent years. Between July and September, Trend Micro observed a campaign to spread DarkGate on instant messaging platforms.

“Versions of DarkGate have been advertised on Russian language forum eCrime since May 2023. Since then, an increase in the number of initial entry attacks using the malware has been observed,” Trend Micro’s report reads.

A majority of the targets in this campaign are in the Americas (41%), but organizations in Europe (28%) and other parts of the world have also come into the crosshairs.

Trend Micro researchers couldn’t determine how the threat actors breached the initial accounts used in the campaign. However, they “hypothesized” that the accounts may have been stolen in a breach or leaked on dark web forums.

How to Protect Yourself from DarkGate

This is not the first time attackers have leveraged Skype and MS Teams. In August, Microsoft researchers spotted phishing messages sent via Teams to breach Microsoft 365 accounts. Scammers have also been known to reach out to victims through phony Skype profiles.

Trend Micro outlined some security recommendations for organizations to counter this threat, including adopting multifactor authentication and consistently educating employees about cybersecurity.

It’s important to exercise caution when clicking files and links you receive on instant messaging platforms, particularly if they are from an unknown or untrusted contact. Read our guides to phishing and social engineering to learn how threat actors use clever deception in cyberattacks.
