Skype message threads hijacked to spread DarkGate malware

Cybercriminals are using Skype to disseminate a malware known as DarkGate. DarkGate has been in existence since 2017 and has seen a recent revival in usage. It’s believed this resurgence is due to the malware’s developer leasing it on the dark web. Consequently, hackers have been taking over Skype conversations and sending victims to a SharePoint site to download the malicious file. Once this file is launched, it establishes persistence by dropping a random LNK file into the Windows user startup folder. Across the three observed delivery methods, researchers noted that the majority of targets (41%) were in the Americas.