Hacked Skype accounts are being used to spread malware

News
By published

No one knows how they were hacked

skype
BigTunaOnline / Shutterstock.com (Image credit: BigTunaOnline / Shutterstock.com)

Hackers are reportedly abusing compromised Skype accounts in an attempt to distribute the DarkGate malware.

In a new report, Trend Micro researchers claimed multiple Skype accounts had been  compromised and then used to share a VBA loader script attachment. The script’s file name was modified in such a way to have victims believe it’s a .PDF file, even though it was a .VBS one. 

Downloading and running the script downloads a second-stage AutoIT payload which contains the malicious DarkGate malware code.

Targeting Teams, too

"Access to the victim's Skype account allowed the actor to hijack an existing messaging thread and craft the naming convention of the files to relate to the context of the chat history," Trend Micro said, further adding that it wasn’t sure how the Skype accounts were compromised to begin with.

"It's unclear how the originating accounts of the instant messaging applications were compromised, however is hypothesized to be either through leaked credentials available through underground forums or the previous compromise of the parent organization."

Besides Skype, the hackers also tried the same with Microsoft Teams, the company’s other instant messaging and online collaboration platform. In this case, they targeted organizations whose Teams configurations allowed messages coming in from external users. 

DarkGate is a malware-as-a-service (MaaS), with a wide variety of features such as a concealed VNC, capabilities to bypass Windows Defender, a browser history theft tool, an integrated reverse proxy, a file manager, and a Discord token stealer. Ever since law enforcement agencies took down Quakbot this summer, there has been an uptick in the use of DarkGate, the researchers added. 

The malware was first reported in 2018, as using legitimate AutoIT files and mostly running multiple AutoIT scripts. According to Malpedia, a new version was released in May this year, and advertised on a Russian dark web forum.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Microsoft Teams and other Windows tools hijacked to hack corporate networks
A fish hook is lying across a computer keyboard, representing a phishing attack on a computer system
Microsoft 365 accounts are under attack from new malware spoofing popular work apps
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Trojan
Hackers hide malware into website images to go unnoticed
Phishing
Russian cyberattackers spotted hitting Microsoft Teams with new phishing campaign
A pair of hands using a keyboard
Microsoft SharePoint hijacked to spread Havoc malware
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.

A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
See more latest
Most Popular
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
A fresh Samsung Galaxy S25 Edge leak hints at a 2K display and a titanium frame
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
SDUNITED AX835-025FF mini PC
This mini PC with the incredible Strix Halo APU is yet another sign AMD may have given up on big brands for bleeding edge tech
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand