OP Yesterday - 04:13 AM
Cybercriminals distribute Zbot and DarkGate malware by “bombarding” victims’ emails with the aim of contacting them later using social engineering.
According to researchers at Rapid7 , the key stage of the attack begins with creating a process of overloading the victim’s mailbox, which is achieved by registering their email with multiple mailing services. The attackers then contact the victims, posing as technical support staff. Victims are asked to install legitimate remote access software, such as AnyDesk, TeamViewer, or Microsoft Quick Assist, so that the attackers can gain control of the devices. “The support staff is already ready to solve your problem, just give them the necessary access,” the hackers say.
After installing the remote access software, the attackers install programs to steal credentials and launch malicious payloads, including Zbot or DarkGate. The goal is to gain access to the organization’s VPN components and bypass multi-factor authentication in order to directly penetrate the company’s network.
source : https://www.rapid7.com/blog/post/2024/12...m-malware/
According to researchers at Rapid7 , the key stage of the attack begins with creating a process of overloading the victim’s mailbox, which is achieved by registering their email with multiple mailing services. The attackers then contact the victims, posing as technical support staff. Victims are asked to install legitimate remote access software, such as AnyDesk, TeamViewer, or Microsoft Quick Assist, so that the attackers can gain control of the devices. “The support staff is already ready to solve your problem, just give them the necessary access,” the hackers say.
After installing the remote access software, the attackers install programs to steal credentials and launch malicious payloads, including Zbot or DarkGate. The goal is to gain access to the organization’s VPN components and bypass multi-factor authentication in order to directly penetrate the company’s network.
source : https://www.rapid7.com/blog/post/2024/12...m-malware/