DarkGate malware surges through Skype and Teams after Qakbot takedown, spreading ransomware and cryptomining threats

DarkGate malware spreading through compromised Skype accounts using VBA loader scripts
Scripts download AutoIT payload to drop and execute final DarkGate malware
Skype accounts compromised through leaked credentials or previous organization breaches
DarkGate also pushed through Microsoft Teams when configured to accept external messages
Goals are penetrating networks and deploying threats like ransomware or cryptomining
DarkGate usage surging after disruption of Qakbot botnet in August
DarkGate touted as malware-as-a-service with advanced features and high fees
Increased DarkGate activity seen via phishing and malvertising post-Qakbot takedown
Highlights growing influence of DarkGate operation and adaptability of threat actors