A new form of malicious software has been making the rounds, known as DarkGate. After this virus infects a victim’s computer, it can harvest private data, use computers to mine cryptocurrency, remotely control their devices and serve as a way to install more malicious programmes.
一種新形式的惡意軟體正在流行,稱為「DarkGate」。這種病毒感染受害者的電腦後,它可以收集私人數據,使用電腦挖掘加密貨幣,遠端控制他們的設備,並作為安裝更多惡意程式的一種方式。
How DarkGate gets on your deviceDarkGate 如何進入您的裝置
The most significant detail, however, is that it is being transferred via compromised user accounts on messaging platforms like Skype and Microsoft Teams. Once they have control of these accounts, it is just a matter of hackers reading old chat records, writing a message with a similar tone of voice, and then uploading a fake PDF file with the same naming conventions for a victim to click on. This activates a programme that will install DarkGate onto a computer.
然而,最重要的細節是,它是透過 Skype 和 Microsoft Teams 等訊息平台上受損的使用者帳戶進行傳輸的。一旦他們控制了這些帳戶,駭客只需閱讀舊的聊天記錄,用相似的語氣寫一條訊息,然後上傳一個具有相同命名約定的虛假 PDF 文件供受害者點擊即可。這將啟動一個將 DarkGate 安裝到電腦上的程式。
Microsoft Teams is usually infiltrated through Office 365 accounts that the main company itself does not control, and there are other tools hackers employ to gain access to them.
Microsoft Teams 通常透過主公司本身無法控制的 Office 365 帳戶進行滲透,駭客也使用其他工具來存取它們。
The malware business
惡意軟體業務
The use of DarkGate has risen dramatically in recent months, and many hackers are engaging in “social engineering”, in other words, plain old conning and lying to trick users into installing viruses themselves, either by masquerading as friends or computer services, in this case. DarkGate is part of a greater move towards “Malware-as-a-service”, with hackers offering a subscription plan for other users to use the many options the programme offers.
近幾個月來,DarkGate 的使用急劇增加,許多黑客正在從事“社會工程”,換句話說,就是通過偽裝成朋友或計算機服務來誘騙用戶自行安裝病毒。案件。 DarkGate 是向「惡意軟體即服務」邁進的一部分,駭客為其他用戶提供訂閱計劃,以使用該程式提供的多種選項。
Protect yourself from malware
保護自己免受惡意軟體的侵害
Other instant messaging services are valid vectors of attack, which only should remind everyone to avoid making their online accounts accessible to external parties and naturally distrust any uploaded file from anybody – friends, family, etc – who asks you to click on, unless one has fastidiously arranged and confirmed the file transfer beforehand.
其他即時訊息服務是有效的攻擊媒介,這只應該提醒每個人避免讓外部方訪問他們的線上帳戶,並且自然地不要信任任何要求您點擊的人(朋友、家人等)上傳的文件,除非有人有事先精心安排並確認文件傳輸。
Vocabulary
malicious (adj) 惡意的
virus (n) 病毒
hacker (n) 黑客
infiltrate (v) 潛入
masquerade (v) 冒充
fastidiously (adv) 非常講究地
新聞來源:https://student.thestandard.com.hk/text/juniorstandard/article/stories/560
中文翻譯: 晚晚有魚
