A report released by HP Inc. reveals that cybercriminals are evolving attacks methods to better influence targets and infect endpoints. One such method is the DarkGate campaign, in which ad tools are used to deploy malware. Users are drawn to click a malicious PDF attachment disguised as a OneDrive error notification.

This campaign establishes several threats for users. These attachments allow attackers to observe which lures are the most effective so they can perfect their method, and CAPTCHA tools prevent the scanning of malware by blocking sandboxes. DarkGate provides cybercriminals with backdoor network access, leaving users vulnerable to information theft and ransomware.

The report also analyzes trends seen in Q4 of 2023. Office applications were exploited, with 84% of attempted unauthorized accesses incorporating spreadsheets and 73% incorporating Word documents. Furthermore, the use of PDF malware is increasing, as 11% of malware deployed PDFs in Q4 as opposed to 4% in Q1 and Q2.

Cybercriminals are using trusted sharing websites to spread malicious files. Sites trusted by organizations, such as Discord and TextBin, are being leveraged by attackers to evade malware scanners.