• Microsoft SmartScreen vulnerability can be abused to deploy malwa

    From TechnologyDaily@1337:1/100 to All on Mon Jul 8 17:30:05 2024
    Microsoft SmartScreen vulnerability can be abused to deploy malware, and it's happening in the wild

    Date:
    Mon, 08 Jul 2024 17:23:22 +0000

    Description:
    Hackers are abusing a flaw to drop infostealers on people in Spain, the US, and Australia.

    FULL STORY ======================================================================

    Hackers are actively exploiting a known vulnerability in Microsoft
    SmartScreen to deploy malware.

    This is according to a new report from cybersecurity researchers Cyble who,
    in a recent blog post detailing the newest campaigns, urged users to apply
    the patch immediately, since Microsoft addressed this problem months ago.

    Microsoft SmartScreen is a security feature that the Redmond giant integrated into different Microsoft products, including Windows, Microsoft Edge, and Outlook. By analyzing websites and downloaded files, it provides protection against phishing and malware attacks.

    Lumma and Meduza Stealer

    However, in mid-January 2024, the Zero Day Initiative (ZDI) observed threat actors abusing a flaw in the feature to deliver the DarkGate commodity
    loader. The vulnerability is now tracked as CVE-2024-21412, and is described as an internet shortcut files security feature bypass vulnerability. In other words, threat actors can bypass SmartScreen's security features by having victims click on specially crafted internet links.

    Microsoft issued a patch for the vulnerability on February 13 this year, but it seems that many users did not apply it and remain vulnerable. They are now being targeted by crooks looking to deploy multiple infostealers.

    This new campaign starts with phishing emails, seemingly coming from trusted sources. They carry internet shortcuts hosted on a remote WebDAV share which, if clicked, execute another .LNK file hosted on the same share, triggering
    the infection chain. The chain ends with the victims being infected with
    Lumma and Meduza Stealer.

    These are popular infostealers that can grab people's passwords, cookies, credit card information, cryptowallet data, VPN credentials, FTP credentials, browser autofill data, sensitive documents, screenshots, system information, and more.

    The researchers don't know exactly how many people fell prey to this campaign. They do know that the threat actors are targeting a wide array of individuals and organizations in different regions and sectors. Based on the fake documents being spread in the phishing emails, the attackers are going after people in Spain, the United States, and Australia.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-smartscreen-vulnerability-can-be-abused-to-deploy-malware-and-its-happening-in-the-wild


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)
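
The delivery pattern the story describes (an internet shortcut whose target is another shortcut on a remote WebDAV share) can be hunted for in mail attachments and download folders. The triage check below is an added example, not code from the article or from Cyble; the host names, file names and verdict labels are constructed for illustration, and a hit means "inspect this file", not proof of CVE-2024-21412 exploitation.

```python
import configparser
import re
from urllib.parse import unquote

# Target on a remote host: \\host\..., //host/... or file://host/...
# (file:///C:/... has an empty host and is local, so it does not match).
REMOTE = re.compile(r"^(?:file:)?[\\/]{2}([^\\/]+)[\\/]", re.IGNORECASE)
CHAINED_EXT = (".url", ".lnk")  # a shortcut that points at another shortcut

def shortcut_target(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    cp = configparser.RawConfigParser(strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    for section in cp.sections():
        if section.lower() == "internetshortcut":
            return cp.get(section, "url", fallback=None)
    return None

def assess(text):
    """Classify one .url body as (verdict, host): ok, review or alert."""
    target = shortcut_target(text)
    if not target:
        return ("no-target", None)
    match = REMOTE.match(target.strip())
    if not match:
        return ("ok", None)            # ordinary web link or local path
    host = match.group(1)
    path = unquote(target).split("?")[0].rstrip().lower()
    if path.endswith(CHAINED_EXT):
        return ("alert", host)         # remote share + chained shortcut
    return ("review", host)            # remote share, other file type

# Constructed samples (reserved example hosts/addresses), not campaign data.
SAMPLES = {
    "web.url": "[InternetShortcut]\nURL=https://www.example.com/docs\n",
    "share.url": "[InternetShortcut]\nURL=\\\\fs.example.net\\public\\readme.txt\n",
    "chain.url": "[InternetShortcut]\nURL=file://192.0.2.10@80/share/statement.url\nIconIndex=0\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, assess(body))
```

A host part containing `@` (for example `@80` or `@SSL`) is how Windows addresses a WebDAV server in a UNC-style path, so those hits deserve priority.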