Attacks involving the DarkGate malware-as-a-service operation now use an AutoHotKey script instead of AutoIt scripts to facilitate stealthier distribution of the malware, according to The Hacker News.
Aside from the new script, the DarkGate malware, now in version 6, has also had its configuration, anti-detection techniques, and roster of capabilities significantly updated by its operators, who have integrated support for audio recording, keyboard management, and mouse control, a report from Trellix revealed.
These additions were accompanied by the removal of the previously available privilege escalation, Hidden Virtual Network Computing, and cryptocurrency mining capabilities. Trellix researcher Ernesto Fernandez Provecho noted that these may have been cut to better evade detection or because of a lack of interest among the malware's customers.
"DarkGate campaigns tend to adapt really fast, modifying different components to try to stay off security solutions," said Fernandez Provecho.
The findings come months after McAfee Labs reported that the updated DarkGate with AutoHotKey had been used to circumvent Microsoft Defender SmartScreen protections.