Intel Name: Vishing via Microsoft Teams facilitates DarkGate malware intrusion
Date of Scan: December 25, 2024
Impact: Medium
Summary: In a recent incident, an attacker used social engineering through a Microsoft Teams call to impersonate a client and gain remote access to a victim’s system. The attacker successfully tricked the victim into downloading AnyDesk, a remote access tool, and dropped suspicious files, including Trojan.AutoIt.DARKGATE.D. This malware used Autoit3.exe to connect to a command-and-control server and download a malicious payload. Although persistent files and a registry entry were created, the attack was stopped before exfiltration occurred.