Weaponized updates deliver DarkGate malware through fake browser versions.

December 24, 2023

DarkGate is being distributed by a threat actor cluster tracked as BattleRoyal through weaponized fake browser updates and email campaigns. It is a loader designed to fetch additional payloads and run them directly in memory on both 32- and 64-bit Windows systems. The malware is written in Delphi, and its later stages are loaded into memory rather than written to disk, which makes it harder to detect with file-based scanning. At least 20 email campaigns have been identified that delivered DarkGate.

One delivery method is a fraudulent browser update prompt whose malicious code is hidden inside an ordinary-looking file using steganography. The DarkGate sample it drops carries the same GroupID (the identifier in the malware's configuration that marks a build or affiliate) as the email campaigns, which ties both delivery channels to the same operators. With steganography, the code is concealed in a benign carrier such as an image and is only extracted on the victim's machine once it arrives, so the carrier file passes through filters without drawing attention. The operators also place a Keitaro traffic distribution system (TDS) domain in front of the lure to filter out unwanted visitors, such as security researchers and automated scanners.
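To make the steganography step concrete, here is an added example (written for this page, not code from the BattleRoyal campaign or from DarkGate) that hides a payload in the least significant bits of a byte buffer standing in for image pixel data, recovers it the way a dropper would at the destination, and applies a crude entropy check of the kind a defender can use to triage files that claim to be plain images. The cover buffer, the payload text, the 4-byte length prefix and the entropy threshold are all constructed assumptions for the demo; nothing here describes the actor's actual encoding scheme.

```python
"""Added illustration of LSB steganography and a simple triage check.

Example code written for this page; it is not the BattleRoyal loader nor
code from any vendor report. The cover and payload below are constructed.
"""
import math
import struct


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Write payload bits into the LSB of successive cover bytes.

    A 4-byte big-endian length prefix (our own convention, assumed for the
    demo) lets the extractor know where the hidden data ends.
    """
    data = struct.pack(">I", len(payload)) + payload
    if len(data) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i in range(len(data) * 8):
        bit = (data[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit      # replace only the lowest bit
    return bytes(out)


def lsb_plane(buf: bytes) -> bytes:
    """Pack the LSB of each byte in buf into whole bytes, MSB first."""
    out = bytearray()
    for i in range(0, len(buf) - len(buf) % 8, 8):
        value = 0
        for b in buf[i:i + 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Recover the payload that embed_lsb hid (what a dropper does on arrival)."""
    plane = lsb_plane(stego)
    (length,) = struct.unpack(">I", plane[:4])
    if 4 + length > len(plane):
        raise ValueError("declared length exceeds available bits")
    return plane[4:4 + length]


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte of a byte string."""
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def max_window_entropy(buf: bytes, window: int = 64) -> float:
    """Highest entropy of any window of the packed LSB plane.

    Smooth image regions have a structured, low-entropy LSB plane; a region
    carrying hidden text or code inherits the payload's own entropy.
    """
    plane = lsb_plane(buf)
    scores = [shannon_entropy(plane[i:i + window])
              for i in range(0, len(plane), window) if plane[i:i + window]]
    return max(scores)


def looks_stego(buf: bytes, threshold: float = 3.0) -> bool:
    """Triage signal only: real photos have noisy LSB planes and will exceed
    this threshold naturally, so treat a hit as a reason to look closer."""
    return max_window_entropy(buf) > threshold


# Constructed cover: a smooth 8-bit ramp standing in for real pixel data.
COVER = bytes((i // 3) & 0xFF for i in range(2048))
# Constructed payload; a real loader would hide a script or shellcode here.
PAYLOAD = b"Constructed demo payload, NOT malware: 0123456789 abcdefghij"


if __name__ == "__main__":
    stego = embed_lsb(COVER, PAYLOAD)
    print("recovered:", extract_lsb(stego))
    print("cover flagged:", looks_stego(COVER))   # False
    print("stego flagged:", looks_stego(stego))   # True
```

The entropy check is deliberately simple: it separates a synthetic, smooth cover from the same cover with embedded text, but on real photographs the LSB plane is already noisy, so a production check would compare against a baseline for the image source or use a pairs-of-values (chi-square) test rather than a fixed threshold.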

The fake browser update is only served to visitors that pass the operators' traffic filtering, so inspection tools and sandboxes that do not look like a real user are often never shown the malicious page. A user who clicks the update button does not update their browser; the malware is installed on their system.

This campaign is a reminder to be cautious about software update prompts and unexpected links. Modern browsers update themselves through their own built-in mechanism and never ask for an update via a pop-up on a third-party web page, so any "update your browser" prompt encountered while browsing should be treated as a lure; verify the source and legitimacy of any update before running it. Keeping software and systems patched and running trusted endpoint protection also reduces the chance that a dropped loader succeeds.

Organizations should also educate employees about phishing emails and the risk of clicking unknown links or opening attachments from untrusted sources. Email filtering and regular security awareness training help reduce the risk of infection through campaigns like these.

Overall, DarkGate shows how delivery techniques keep evolving: the same loader is pushed through email, fake update pages, steganography and TDS filtering. Individuals and organizations need to stay informed about current threats, maintain good security hygiene, and layer controls so that a single click does not lead to a full compromise.
