{"id":56583,"date":"2024-07-16T00:38:20","date_gmt":"2024-07-16T00:38:20","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\/"},"modified":"2024-07-16T00:38:20","modified_gmt":"2024-07-16T00:38:20","slug":"darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\/","title":{"rendered":"DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed"},"content":{"rendered":"<p>The DarkGate malware family has become more prevalent in recent months, after one of its main competitors was taken down by the FBI.<\/p>\n<p>The malware was <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.fortinet.com\/blog\/threat-research\/enter-the-darkgate-new-cryptocurrency-mining-and-ransomware-campaign\">discovered<\/a> by endpoint security outfit enSilo&#8217;s security maven Adi Zeligson in 2018 \u2013 but it has evolved over the years. The most recent version, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/x.com\/spamhaus\/status\/1750491586494873904\">spotted<\/a> by Spamhaus in late January, added new capabilities.<\/p>\n<p>The software nasty, whose developer goes by the moniker RastaFarEye, can be used for everything from keylogging to data and credential theft, and even remote access \u2013 which can then be used to <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/06\/19\/powershell_fix_malware\/\" rel=\"noopener\">deploy ransomware<\/a>. 
DarkGate infections give miscreants complete control over computers.<\/p>\n<p>Infection vectors are also plentiful. Infections have been detected as a result of <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2024\/02\/15\/malware_pdf_wolf_security\/\" rel=\"noopener\">social engineering<\/a> and phishing emails, plus <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/posts\/unit42_darkgate-timelythreatintel-malwaretraffic-activity-7136107640379637760-F4OH\/\">DLL sideloading<\/a>, poisoned content in publicly accessible file-sharing services, and compromised websites.<\/p>\n<p>The malware has therefore become popular among cyber crime crews \u2013 and more so in recent months. 
&#8220;DarkGate is one that has been big since September of last year,&#8221; Daniel Blackford, director of threat research at Proofpoint, told <em>The Register<\/em>.<\/p>\n<p>Blackford&#8217;s threat-hunting team recently <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.proofpoint.com\/us\/blog\/email-and-cloud-threats\/darkgate-malware\">detected<\/a> a gang it tracks as TA571 using DarkGate to gain access to more than 1,000 organizations.<\/p>\n<h3 class=\"crosshead\">14k+ campaigns using DarkGate<\/h3>\n<p>Proofpoint has documented 14,000 campaigns in which TA571 used DarkGate to gain access, then steal credentials and valuable data, deploy ransomware, and then sell this access to victims&#8217; networks. The attacks also contained more than 1,300 different malware variants, we&#8217;re told.<\/p>\n<p>DarkGate&#8217;s flexibility and multiple infection vectors make attribution more difficult for network defenders.<\/p>\n<p>&#8220;If you have nine different activity sets using DarkGate \u2013 which is something that we&#8217;ve seen at one time \u2013 how do you know? 
Do you have the telemetry available to you to, with high confidence, differentiate these activity sets? It&#8217;s really hard without some good collection,&#8221; Blackford explained.<\/p>\n<p>Palo Alto Networks&#8217; Unit 42 security team has also observed a surge in DarkGate usage since September 2023.<\/p>\n<h3 class=\"crosshead\">QBot takedown gives rise to DarkGate<\/h3>\n<p>The timing of this increase, according to both security firms, isn&#8217;t a coincidence. It lines up with the FBI-led law enforcement effort to <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2023\/08\/29\/duck_hunt_qakbot\/\" rel=\"noopener\">disrupt QBot<\/a> (aka Qakbot) and that notorious botnet and malware loader&#8217;s infrastructure in August 2023.<\/p>\n<p>&#8220;In the aftermath of the QBot takedown, we saw the main actor who was distributing QBot pivot to DarkGate, and then a number of other actors followed suit,&#8221; Blackford observed. &#8220;You have this follow-the-leader pattern.&#8221;<\/p>\n<p>Since last August, Unit 42 also reported seeing several campaigns distributing DarkGate, which the threat intel unit says also advertises hidden virtual network computing, cryptomining, and reverse shell remote control among its malicious capabilities.<\/p>\n<p>In a July 10 report, Palo Alto detailed one campaign that began in March and used Microsoft Excel files as the starting point. These files contained a URL that directed victims to a public-facing Samba\/SMB file share with the goal being to trick victims into downloading DarkGate on their devices.<\/p>\n<p>The attacks &#8220;<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/unit42.paloaltonetworks.com\/darkgate-malware-uses-excel-files\/\">mostly targeted North America<\/a> in the beginning but slowly spread to Europe as well as parts of Asia,&#8221; according to Unit 42&#8217;s Vishwa Thothathri, Yijie Sui, Anmol Maurya, Uday Pratap Singh and Brad Duncan. &#8220;Our telemetry indicates some peaks of activity, with the standout on April 9, 2024, with almost 2,000 samples on that single day.&#8221;<\/p>\n<p>Unit 42\u2019s report also found evidence that &#8220;appears to have been data exfiltration in five HTTP POST requests sending nearly 218KB of data.&#8221;<\/p>\n<h3 class=\"crosshead\">Evasion expertise<\/h3>\n<p>DarkGate also uses several evasion techniques to avoid being detected. 
These include encryption, code obfuscation, and several scans of the target environment, including checking the target&#8217;s CPU to determine whether it is running in a virtual or physical machine, thus &#8220;enabling DarkGate to cease operations to avoid being analyzed in a controlled environment,&#8221; the Unit 42 crew wrote.<\/p>\n<p>They also list 26 anti-malware products that DarkGate checks for on the target machine \u2013 including Windows Defender and SentinelOne.<\/p>\n<p>&#8220;With its multifaceted attack vectors and evolution into a full-fledged MaaS offering, DarkGate demonstrates a high level of complexity and persistence,&#8221; according to the security shop.<\/p>\n<p><em>The Register<\/em> suggests reading the analysis in full. It&#8217;s got great technical details and a long list of indicators of compromise that can be useful in threat hunting on your network.<\/p>\n<p>It&#8217;s also worth pointing out that DarkGate and other malware campaigns continue to use phishing emails and send malicious files for one reason: because these techniques work.<\/p>\n<p>So in addition to implementing a layered approach to security \u2013 including tools that block malicious messages before they reach users&#8217; inboxes but then also detect threats post-delivery \u2013 preventing these types of attacks requires training employees about how to spot fake emails and log-in pages. 
\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2024\/07\/16\/darkgate_malware\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Meet the new boss, same as the old boss The DarkGate malware family has become more prevalent in recent months, after one of its main competitors was taken down by the FBI.\u2026  READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-56583","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-07-16T00:38:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZpZC5C-2MXNtZUxVkm5LGQAAAAU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed\",\"datePublished\":\"2024-07-16T00:38:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/\"},\"wordCount\":782,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZpZC5C-2MXNtZUxVkm5LGQAAAAU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/\",\"name\":\"DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed 2026 
| ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZpZC5C-2MXNtZUxVkm5LGQAAAAU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2024-07-16T00:38:20+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZpZC5C-2MXNtZUxVkm5LGQAAAAU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C30
0x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZpZC5C-2MXNtZUxVkm5LGQAAAAU&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/darkgate-the-swiss-army-knife-of-malware-sees-boom-after-rival-qbot-crushed\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"DarkGate, the Swiss Army knife of malware, sees boom after rival Qbot crushed\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56583","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56583"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56583\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56583"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56583"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56583"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}