In a recently discovered cyber attack, criminals are using a Windows Defender SmartScreen bypass vulnerability to infect PCs with malware called Phemedrone Stealer. This malware scans machines for sensitive information such as passwords, cookies, and login tokens, and sends it to the attackers. The malware abuses a vulnerability known as CVE-2023-36025, which Microsoft patched in November. However, the patch was reverse-engineered to create a proof-of-concept exploit. The malware targets various browsers and applications on victims’ PCs and steals information from cryptocurrency wallets and messaging apps. It also collects telemetry data and takes screenshots, sending all of this information to the attackers. The malware is executed by tricking users into downloading and opening a malicious .url file. The user’s PC then gets infected through the exploitation of the SmartScreen vulnerability. Microsoft has warned users to update their Windows installations to protect against this threat.
The Phemedrone Stealer, a malware strain, infects PCs by exploiting a Windows Defender SmartScreen bypass vulnerability. The malware abuses a vulnerability known as CVE-2023-36025, which Microsoft patched in November. However, the patch was reverse-engineered to create a proof-of-concept exploit, allowing cyber criminals to attack systems using the vulnerability. The malware targets various browsers and applications on victims’ PCs and steals sensitive information such as passwords, cookies, and login tokens. It also steals files and data from cryptocurrency wallets and messaging apps. Additionally, the malware collects telemetry data, including hardware specs and geolocation information, and takes screenshots. All of this data is sent to the attackers via Telegram or a remote command-and-control server. The malware is executed by tricking users into downloading and opening a malicious .url file, which exploits the SmartScreen vulnerability. Users are urged to update their Windows installations to protect against this threat.
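Because delivery depends on a user opening a .url file, defenders can triage Internet Shortcut files found in download folders or mail attachments. The sketch below is an added example, not code from the article or from Microsoft: it parses the INI-style `[InternetShortcut]` section and flags targets that are not ordinary web links. The function names, the extension list and the reason codes are assumptions chosen for illustration, and the sample shortcuts are constructed.

```python
import configparser
import posixpath
from pathlib import Path
from urllib.parse import urlparse

# Assumption (not from the article): extensions treated as code that runs when opened.
RISKY_EXTENSIONS = {".exe", ".dll", ".cpl", ".msi", ".scr", ".hta", ".js", ".vbs",
                    ".bat", ".cmd", ".ps1", ".lnk"}
# Constructed sample shortcuts (not real indicators).
SAMPLE_BENIGN = "[InternetShortcut]\nURL=https://www.example.test/docs/index.html\n"
SAMPLE_REMOTE_FILE = "[InternetShortcut]\nURL=file://files.example.test/share/setup.exe\nIconIndex=0\n"

def shortcut_target(text):
    """Return the URL= value of the [InternetShortcut] section, or None."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",),
                                          allow_no_value=True)
    try:
        parser.read_string(text.lstrip("\ufeff"))  # tolerate a leading BOM
    except configparser.Error:
        return None  # not INI-shaped, so not a usable shortcut
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser.get(section, "url", fallback=None)
    return None

def assess(text):
    """Return a list of reason codes; an empty list means nothing stood out."""
    target = (shortcut_target(text) or "").strip()
    if not target:
        return []
    parsed = urlparse(target)
    scheme = parsed.scheme.lower()
    reasons = []
    if target.startswith("\\\\") or scheme == "file":
        reasons.append("non-web-target")  # UNC path or file:// URL
    elif scheme not in ("http", "https"):
        reasons.append("unexpected-scheme")
    ext = posixpath.splitext(parsed.path.replace("\\", "/"))[1].lower()
    if ext in RISKY_EXTENSIONS:
        reasons.append("executable-extension")
    return reasons

def scan(root):
    findings = {}  # maps each flagged .url path under root to its reason codes
    for path in Path(root).rglob("*.url"):
        reasons = assess(path.read_text(errors="replace"))
        if reasons:
            findings[str(path)] = reasons
    return findings
```

A hit is a prompt for review, not a verdict: legitimate shortcuts can point at file shares, and patching remains the actual fix for the SmartScreen bypass.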