From Document to Script: Insides of Darkgate's Campaign

One of the primary propagation methods for Darkgate is phishing emails. By hijacking email accounts, distributing malicious attachment and it propagate itself to a wider network of potential victims. Darkgate uses some of the most common attachment filetypes such as XLSX, HTML and PDF. It is often designed to be stealthy and persistent, making it challenging to detect and remove…

Article Link: https://www.forcepoint.com/blog/x-labs/phishing-script-inside-darkgate-campaign