DarkGate Malware Exploits Samba File Shares in Short-Lived Campaign
Jul 12, 2024
Malware / Cyber Attack
Cybersecurity researchers have shed light on a short-lived DarkGate malware campaign that leveraged Samba file shares to initiate the infections. Palo Alto Networks Unit 42 said the activity spanned the months of March and April 2024, with the infection chains using servers running public-facing Samba file shares hosting Visual Basic Script (VBS) and JavaScript files. Targets included North America, Europe, and parts of Asia. "This was a relatively short-lived campaign that illustrates how threat actors can creatively abuse legitimate tools and services to distribute their malware," security researchers Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh, and Brad Duncan said . DarkGate, which first emerged in 2018, has evolved into a malware-as-a-service (MaaS) offering used by a tightly controlled number of customers. It comes with capabilities to remotely control compromised hosts, execute code, mine cryptocurrency, launch reverse shells, and drop addit