A threat actor is using compromised Skype and Microsoft Teams accounts to distribute DarkGate, a troublesome loader associated with multiple malicious activities, including information theft, keylogging, cryptocurrency mining, and ransomware such as Black Basta.
Forty-one percent of the targets of the campaign — which appears to have begun in August — are organizations in the Americas, according to researchers at Trend Micro who are tracking the activity.
In a report this week, Trend Micro also said its researchers had observed the developer of DarkGate begin to advertise the malware on underground forums and rent it out on a malware-as-a-service basis to affiliate threat actors.
The pivot, after years of going it alone, has resulted in a recent surge in DarkGate activity after a relative lull.