We're about to witness a significant surge in the deployment of DarkGate and NetSupport, security experts are warning.
Researchers from Proofpoint claim to have observed a brand new threat actor, dubbed “BattleRoyal”.
In any case, the group was abusing a vulnerability tracked as CVE-2023-36025 to deliver the malware.
BattleRoyal was abusing it even before it was published by Microsoft, the company said.
The flaw is found in Windows SmartScreen, a security feature designed to stop people from visiting dangerous websites.
As explained by Malpedia, DarkGate is a commodity loader first documented in 2018.
DarkGate abuses legitimate AutoIt files and typically runs multiple AutoIt scripts.
New versions of DarkGate have been advertised on a Russian-language eCrime forum since May 2023, the report concludes.