Kaspersky’s new report uncovers intricate infection tactics of malware strains DarkGate, Emotet, and LokiBot. Amid DarkGate’s unique encryption and Emotet’s robust comeback, LokiBot exploits persist, illustrating the ever-advancing cybersecurity landscape.
“Emotet’s resurgence and the continuous presence of Lokibot as well as the appearance of DarkGate serve as stark reminders of the ever-evolving cyber threats we face. As these malware strains adapt and adopt new infection methods, it is crucial for individuals and businesses to stay vigilant and invest in robust cybersecurity solutions. Kaspersky’s ongoing research and detection of DarkGate, Emotet, and Lokibot underscore the significance of proactive measures to protect against evolving cyber dangers,” commented Jornt van der Wiel, Senior Security Researcher, Kaspersky’s Global Research and Analysis Team.
In June 2023, Kaspersky’s researchers discovered a new loader named DarkGate that boasts an array of features that go beyond typical downloader functionality. DarkGate’s operation involves a chain of four stages, intricately designed to lead to the loading of DarkGate itself. What sets this loader apart is its unique way of encrypting strings with personalized keys and a custom version of Base64 encoding, utilizing a special character set.
Kaspersky detected a phishing campaign targeting cargo ship companies that delivered LokiBot. It is an infostealer first identified in 2016, and designed to steal credentials from various applications, including browsers and FTP clients.
