{"id":8620,"date":"2024-03-14T15:07:01","date_gmt":"2024-03-14T06:07:01","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=8620"},"modified":"2024-11-21T15:20:12","modified_gmt":"2024-11-21T06:20:12","slug":"darkgate-malware-leveraged-newly-patched-microsoft-vulnerability-in-zero-day-exploit","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/darkgate-malware-leveraged-newly-patched-microsoft-vulnerability-in-zero-day-exploit\/","title":{"rendered":"DarkGate Malware Leveraged Newly Patched Microsoft Vulnerability in Zero-Day Exploit"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"8620\" class=\"elementor elementor-8620\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5826bce elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5826bce\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0df4be1\" data-id=\"0df4be1\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-592d232 elementor-widget elementor-widget-text-editor\" data-id=\"592d232\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>In mid-January 2024 the Zero Day Initiative (ZDI) discovered a DarkGate campaign that exploited CVE-2024-21412 through fake software installers. 
In this campaign, users were lured with PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects that sent them to compromised websites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412, which in turn led to malicious Microsoft Installer (.MSI) packages. The fake installers were sideloaded with a DLL that decrypted and executed the DarkGate payload, infecting the user.<\/p><p>DarkGate, which operates on a malware-as-a-service (MaaS) model, is one of the most prolific, sophisticated and active malware families in the cybercrime ecosystem. It has been used by financially motivated threat actors against organizations in North America, Europe, Asia and Africa.<\/p><p>Microsoft fixed the vulnerability in its Patch Tuesday updates for February 2024, but not before it had been weaponized by a threat actor tracked as Water Hydra (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial institutions.<\/p><p>All organizations should remain vigilant and instruct their users not to trust any software installer received outside official channels.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In mid-January 2024 the Zero Day Initiative (ZDI) discovered a DarkGate campaign that exploited CVE-2024-21412 through fake software installers. 
In this campaign, users were lured with PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects that sent them to compromised websites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":8632,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,2,1],"tags":[],"class_list":["post-8620","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-read_article","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2024\/11\/Pic1-2.jpg?fit=640%2C427&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8620"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=8620"}],"version-history":[{"count":8,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8620\/revisions"}],"predecessor-version":[{"id":8634,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/8620\/revisions\/8634"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/8632"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=8620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=8620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=8620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","tem
plated":true}]}}
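The open-redirect lure described in the article above, given as an added example that is not part of the original post or of the ZDI research it summarizes: a small Python helper that statically resolves the landing page behind an ad click-tracker link and flags links whose final destination is a host you do not trust. The DoubleClick host names, the `adurl` and `ds_dest_url` redirect parameter names, the trusted-host list and the sample links are all assumptions constructed for this example, not data from the page.

```python
"""Flag ad-network click-tracker URLs that hand off to an arbitrary
external destination (the open-redirect lure pattern in the article).

Hypothetical detection helper written for this page. The redirector
hosts and destination parameter names below are assumptions, and the
sample links are constructed; nothing here is taken from the article.
"""
from urllib.parse import urlsplit, parse_qs, unquote

# Click-tracker hosts whose URLs may carry a caller-supplied landing page (assumed).
REDIRECTOR_HOSTS = {"adclick.g.doubleclick.net", "ad.doubleclick.net"}
# Query parameters that such trackers use for the landing page (assumed).
DEST_PARAMS = ("adurl", "ds_dest_url")


def _is_redirector(host: str) -> bool:
    return host in REDIRECTOR_HOSTS or host.endswith(".doubleclick.net")


def final_destination(url: str, max_hops: int = 5) -> str:
    """Statically follow destination parameters to the eventual landing URL.

    A lure can nest one redirector inside another, so keep unwrapping until
    the destination is no longer a redirector or the hop budget is spent.
    Purely string-based: no request is ever sent.
    """
    current = url
    for _ in range(max_hops):
        parts = urlsplit(current)
        if not _is_redirector(parts.netloc.lower()):
            return current
        qs = parse_qs(parts.query, keep_blank_values=True)
        nxt = next((qs[p][0] for p in DEST_PARAMS if p in qs and qs[p][0]), None)
        if nxt is None:
            return current
        current = unquote(nxt)  # parse_qs already decodes once; harmless if nothing is left
    return current


def classify(url: str, trusted_hosts: set) -> tuple:
    """Return (verdict, landing_url) for one extracted link.

    'redirect-lure'     : a click tracker hands off to an untrusted host
    'redirector-opaque' : a click tracker with no visible destination
    'ok'                : a direct link, or a hand-off to a trusted host
    """
    parts = urlsplit(url)
    if not _is_redirector(parts.netloc.lower()):
        return "ok", url
    landing = final_destination(url)
    lhost = urlsplit(landing).netloc.lower()
    if _is_redirector(lhost):
        return "redirector-opaque", landing
    if lhost in trusted_hosts:
        return "ok", landing
    return "redirect-lure", landing


# Constructed sample: links as they might be extracted from a PDF attachment.
SAMPLE_LINKS = [
    "https://adclick.g.doubleclick.net/pcs/click?xai=abc&adurl=https%3A%2F%2Fexample-hijacked-site.test%2Fdownload%2Fsetup.msi",
    "https://ad.doubleclick.net/ddm/trackclk/N1234.example/B1;dc_trk_aid=1?ds_dest_url=https://www.vendor.example/",
    "https://www.vendor.example/downloads/installer.msi",
]
TRUSTED = {"www.vendor.example"}  # hosts your organisation actually downloads from (assumed)


def scan(links=SAMPLE_LINKS, trusted=TRUSTED) -> list:
    """Classify every link; returns (url, verdict, landing_url) triples."""
    return [(u, *classify(u, trusted)) for u in links]


if __name__ == "__main__":
    for url, verdict, landing in scan():
        print(f"{verdict:17} {landing}")
```

Run it over the links pulled from an attachment before anyone clicks them: an ad network that hands off to a host you do not recognise is exactly the hop that moved victims from the PDF to the compromised site in this campaign. The check is static, so it only sees destinations encoded in the URL itself, not server-side redirects; treat it as a triage filter, not a verdict.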