Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
Dec. 13, 2024, 3:59 p.m.
Description
An attacker used social engineering via a Microsoft Teams call to impersonate a client and gain remote access to a user's system. The victim was tricked into downloading AnyDesk, allowing the attacker to drop suspicious files, including DarkGate malware. The attack involved multiple stages, including the execution of malicious commands, system information gathering, and connection to a command-and-control server. The DarkGate payload was delivered through an AutoIt script, which injected itself into legitimate processes. Although persistent files and a registry entry were created, the attack was thwarted before data exfiltration occurred. The incident highlights the importance of robust security measures and awareness against social engineering attacks.
Date
Published: Dec. 13, 2024, 12:40 p.m.
Created: Dec. 13, 2024, 12:40 p.m.
Modified: Dec. 13, 2024, 3:59 p.m.
Attack Patterns
DarkGate
T1059.005
T1059.003
T1059.001
T1547.001
T1614
T1016
T1070
T1082
T1105
T1055
T1036
T1204
T1140
T1027
T1566
T1059