Security News > 2024 > January > Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak.
That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a.cpl file, which is a Windows control panel item.
CVE-2023-36025 affects Microsoft Windows Defender SmartScreen and stems from the lack of checks and associated prompts on Internet Shortcut files.
Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the.
The attackers craft a Windows shortcut file to evade the SmartScreen protection prompt by employing a.cpl file as part of a malicious payload delivery mechanism.
Again, if you didn't do so in November, it's high time to update your Windows installations or risk becoming the next victim of these data thieves.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Windows Server 2025 previews security updates without restarts (source)
- Microsoft ends development of Windows Server Update Services (WSUS) (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Windows 10 KB5043131 update released with 9 changes and fixes (source)
- New Windows Malware Locks Computer in Kiosk Mode (source)
- Windows 11 KB5043145 update released with 13 changes and fixes (source)
- Windows 11 KB5043145 update causes reboot loops, blue screens (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Fake browser updates spread updated WarmCookie malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |