Hackers Exploit Patched Windows Vulnerability to Spread DarkGate Malware
- Hackers are exploiting a now-patched SmartScreen vulnerability (CVE-2024-21412) to automatically install the DarkGate malware.
- The attack begins with a PDF email attachment that redirects to a .url file, which triggers installation of a malicious MSI file.
- The MSI file uses a DLL sideloading vulnerability to decrypt and execute the DarkGate malware payload.
- DarkGate 6.1.7 has updated configuration options for tactics and evasion, along with a new XOR-encrypted configuration.
- Mitigation includes applying Microsoft's February 2024 patch, which fixes the SmartScreen flaw CVE-2024-21412.
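
A triage check for the .url step of the chain above, as an added example that is not from the original article: it parses an Internet Shortcut file and flags targets a mail or download gateway might quarantine. The extension list, finding labels and sample files are constructed assumptions.

```python
import configparser
from urllib.parse import urlparse, unquote

# Assumption: target extensions a gateway would treat as suspicious in a shortcut.
RISKY_EXTENSIONS = (".msi", ".exe", ".dll")

# Constructed sample .url files (INI format with an [InternetShortcut] section).
SAMPLES = {
    "benign.url": "[InternetShortcut]\nURL=https://www.example.com/docs/index.html\n",
    "installer.url": "[InternetShortcut]\nURL=https://cdn.example.org/update/setup.msi?id=1\n",
    "share.url": "[InternetShortcut]\nURL=file://files.example.net/share/Setup.MSI\nIconIndex=0\n",
}


def shortcut_target(text):
    """Return the URL= value of an Internet Shortcut, or None if absent or unparseable."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
    except configparser.Error:
        return None
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser.get(section, "url", fallback=None)
    return None


def assess_shortcut(text):
    """Return a list of findings for one .url file; an empty list means nothing flagged."""
    target = shortcut_target(text)
    if target is None:
        return ["no-parseable-target"]
    target = target.strip()
    findings = []
    if target.startswith("\\\\"):  # UNC path such as \\host\share\file
        findings.append("unc-target")
        path = target
    else:
        parsed = urlparse(target)
        if parsed.scheme.lower() not in ("http", "https"):
            findings.append("non-web-scheme:" + (parsed.scheme.lower() or "none"))
        path = unquote(parsed.path)  # query string is excluded from the path
    if path.lower().endswith(RISKY_EXTENSIONS):
        findings.append("risky-extension:" + path.lower().rsplit(".", 1)[-1])
    return findings


if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, assess_shortcut(body))
```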