Compromised Skype Accounts Lead To DarkGate Malware Spread: It's Time To Lengthen Passwords

Cybercriminals are reportedly using compromised Skype accounts in an attempt to distribute the DarkGate malware.

DarkGate is malware-as-a-service with a wide variety of features such as a concealed VNC (virtual network computing), capabilities to bypass Windows Defender, a browser history theft tool, an integrated reverse proxy, a file manager, and a Discord token stealer.

Trend Micro researchers recently reported that multiple Skype accounts had been compromised and then used to share a VBA (Visual Basic for Applications) loader script attachment. The script's file name was crafted to make victims believe it was a .PDF file, even though it was a .VBS file. A VBS file is a plain-text Visual Basic Script; Windows runs it through the Windows Script Host when it is opened, so it behaves like an executable even though it is not a compiled binary, and the .vbs extension at the end of the name is the only clue a casual glance has to go on.

Downloading and running the script fetches a second-stage AutoIt payload (AutoIt is a Windows automation scripting language whose compiled scripts are frequently abused as malware loaders) that carries the DarkGate code. "Access to the victim's Skype account allowed the actor to hijack an existing messaging thread and craft the naming convention of the files to relate to the context of the chat history," Trend Micro said, adding that it was not sure how the Skype accounts had been compromised in the first place.
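The disguise described above, a script whose name is built to read as a PDF, can be caught at a mail gateway or file-share hook by looking at the suffix the operating system will actually act on rather than the one the eye sees. The following Python is an added example, not Trend Micro's tooling or anything from the original article; the sample file names are constructed, and the extension sets and the whitespace-padding and right-to-left-override heuristics are the editor's assumptions about what such a check should cover.

```python
import re
import unicodedata

# Suffixes Windows hands to a script host or loader on double-click (assumed list).
SCRIPT_EXTENSIONS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta",
                     ".ps1", ".bat", ".cmd", ".scr", ".exe", ".lnk"}
# Suffixes a recipient reads as "just a document" (assumed list).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}
# Unicode RIGHT-TO-LEFT OVERRIDE: a stored name "photo\u202efdp.vbs" renders as "photosbv.pdf".
RLO = "\u202e"


def real_extension(filename: str) -> str:
    """The suffix the OS acts on: the last dot-suffix once trailing spaces and dots
    are removed (Windows drops those when it stores a file name)."""
    name = filename.rstrip(" .")
    _, dot, ext = name.rpartition(".")
    return "." + ext.lower() if dot else ""


def classify_attachment(filename: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'disguised-script', 'script' or 'other'."""
    if RLO in filename:
        return "disguised-script", "contains RIGHT-TO-LEFT OVERRIDE"
    name = unicodedata.normalize("NFKC", filename)      # fold look-alike punctuation
    ext = real_extension(name)
    if ext not in SCRIPT_EXTENSIONS:
        return "other", f"extension {ext or '(none)'} is not a script or executable"
    body = name.rstrip(" .")[:-len(ext)].lower()        # everything before the real suffix
    for tok in re.findall(r"\.([a-z0-9]{2,5})", body):  # earlier "extensions" in the name
        if "." + tok in DOCUMENT_EXTENSIONS:
            return "disguised-script", f"reads as .{tok} but will run as {ext}"
    if re.search(r"\s{2,}", body):                      # padding pushes the real suffix out of view
        return "disguised-script", f"whitespace padding hides {ext}"
    return "script", f"plain {ext} attachment"


def triage(filenames):
    """Map each name to its verdict; intended as a gateway or DLP hook."""
    return {f: classify_attachment(f)[0] for f in filenames}


# Constructed sample names, not taken from the Trend Micro report.
SAMPLE_NAMES = [
    "Invoice_Q3.pdf",
    "Invoice_Q3.pdf                      .vbs",
    "Invoice_Q3.pdf.vbs",
    "meeting-notes\u202efdp.vbs",   # displays as meeting-notessbv.pdf
    "cleanup.vbs",
]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_NAMES).items():
        print(f"{verdict:16} {name!r}")
```

The check deliberately does not trust the displayed name: it strips the trailing spaces and dots Windows ignores, normalizes look-alike punctuation, and flags any document-looking token that sits in front of a script suffix. A plain .vbs attachment is still reported as a script so policy can block it outright if desired.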

"It's unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization." Sead Fadilpašić "Hacked Skype accounts are being used to spread malware" techradar.com (Oct. 17, 2023)


Commentary


Although it is not clear how the Skype accounts were hacked, industry observers theorize that they were accessed using leaked credentials available on underground forums, or through an earlier compromise of the parent organization.

Whether this theory proves correct or the accounts were taken over some other way, the practical mitigations are the same: use a unique password for every account so that one leaked credential cannot be replayed elsewhere, change a password as soon as there is reason to believe it has leaked, and turn on multi-factor authentication wherever the service offers it. Note that current NIST guidance (SP 800-63B) no longer recommends forcing users to change passwords on a schedule; rotation matters when a credential is known or suspected to be exposed, not on a calendar, because scheduled changes push people toward short, predictable variations of the same password.

In an ideal world, personal banking, medical and other private information, and your organization's proprietary data and customer identification records, would be reachable only after a voice, iris, ear or facial recognition scan, or even DNA matching, brain prints or deep-tissue illumination. Until such biometric safeguards become commonplace, users are left with the most basic safeguard: the password.

Good password practice starts with long, strong, unguessable passwords. Most human-generated passwords are predictable, which is why a password should never be short or contain the names of loved ones or pets, or dates of special occasions such as birthdays and anniversaries. The information people share on social media is the first place cybercriminals look: bots comb a target's profiles, generate a list of dates, events, names and other keywords, and that list becomes the guess list used against the target's accounts.

Passwords should be long and mix letters, digits and symbols. Alternatively, use a passphrase. The lyrics of a favorite song or the lines of a poem or passage are easy to remember, but they must be transformed, because well-known texts appear verbatim in cracking wordlists. Taking the first, second or last letter of each word in the passage yields a long, complex but memorable password. Or mix words, numbers and symbols into a long nonsensical phrase that only you will remember, for example every third word from a piece of prose you recall from school, interleaved with digits or symbols you can recall (not the birthdays and anniversaries ruled out above).
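The two preceding points, that a bot can turn scraped social media facts into a guess list and that a passphrase built from a passage gives length the attacker cannot shortcut, are easier to see with numbers. The following Python is an added example written for this commentary, not code from the original article or from any of the vendors it cites; the profile, the passage and the way names and dates are combined are constructed assumptions about how such a guess list is built.

```python
import itertools
import math
import string

# Constructed profile: the kind of facts a scraper bot harvests from a public social media page.
PROFILE = {
    "names": ["Sarah", "Tom", "Fluffy"],       # account owner, partner, pet
    "dates": ["1985-06-14", "2015-09-02"],     # birthday, wedding anniversary
    "words": ["Liverpool", "Corvette"],        # club, car
}


def date_fragments(iso_date: str) -> list[str]:
    """Common ways people fold a date into a password (assumed set of formats)."""
    y, m, d = iso_date.split("-")
    return [y, y[2:], d + m, m + d, d + m + y, d + m + y[2:]]


def candidate_passwords(profile: dict, suffixes=("", "!", "1", "123")) -> set[str]:
    """The guess list an attacker builds from scraped names, dates and interests."""
    words = profile["names"] + profile["words"]
    frags = [""] + [f for d in profile["dates"] for f in date_fragments(d)]
    guesses = set()
    for w in words:
        for variant in {w, w.lower(), w.upper(), w.capitalize()}:
            for frag in frags:
                for s in suffixes:
                    guesses.add(variant + frag + s)
    for a, b in itertools.permutations(words, 2):   # "sarahtom", "tomfluffy", ...
        guesses.add(a.lower() + b.lower())
    return guesses


def is_guessable(password: str, profile: dict) -> bool:
    """True if the password is in the profile-derived guess list (case-insensitive)."""
    return password.lower() in {g.lower() for g in candidate_passwords(profile)}


def search_space_bits(password: str) -> float:
    """Nominal strength: log2(alphabet_size ** length), the brute-force upper bound."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation, " "]
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def effective_bits(password: str, profile: dict) -> float:
    """Strength against a targeted attacker: the size of the list that contains the
    password, not the size of the alphabet the password is drawn from."""
    guesses = candidate_passwords(profile)
    if password.lower() in {g.lower() for g in guesses}:
        return math.log2(len(guesses))
    return search_space_bits(password)


def passphrase_from_passage(passage: str, position: int = 0) -> str:
    """The article's technique: keep the letter at `position` of every word
    (0 = first, 1 = second, -1 = last); words too short for that position are skipped."""
    out = []
    for word in passage.split():
        core = word.strip(string.punctuation)
        if core and -len(core) <= position < len(core):
            out.append(core[position])
    return "".join(out)


if __name__ == "__main__":
    # Constructed passage; a real one should be something only you can reproduce.
    passage = "the quick brown fox jumps over the lazy dog near the old stone bridge"
    for pw in ["Fluffy2015!", passphrase_from_passage(passage) + "-0614"]:
        print(f"{pw:24} nominal {search_space_bits(pw):5.1f} bits  "
              f"effective {effective_bits(pw, PROFILE):5.1f} bits  "
              f"guessable={is_guessable(pw, PROFILE)}")
```

The point the numbers make: "Fluffy2015!" satisfies a typical complexity policy and has a nominal search space above 70 bits, yet it sits in a list of well under a thousand profile-derived guesses, so its effective strength is about 10 bits. The passphrase-derived string has no relationship to anything scraped from the profile, so its effective strength is its full length-based value.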
