Hackers are getting so sophisticated with malware that they are making links look like a notice about company vacation time.
The research team Truesec has been observing DarkGate Loader since late August and notes that hackers have utilized an intricate downloading process that makes it so the file is difficult to identify as nefarious. The malware comprises an infected VBScript hidden within an LNK . The research team notes that the attack is crafty due to its SharePoint URL, which makes it hard for users to realize it’s a challenged file. The precompiled Windows cURL script type also makes the code harder to identify because the code is hidden in the middle of the file.
DarkGate Loader isn’t the only phishing scam that has been plaguing Microsoft Teams this summer. A group of Russian hackers called Midnight Blizzard were able to use a social engineering exploit to attack approximately 40 organizations in August. The hackers used Microsoft 365 accounts owned by small businesses that had already been challenged and pretended to be technical support in order to execute attacks. Microsoft has since addressed the issue, according to Windows Central.