Security News > 2024 > January > Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak.
That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a.cpl file, which is a Windows control panel item.
CVE-2023-36025 affects Microsoft Windows Defender SmartScreen and stems from the lack of checks and associated prompts on Internet Shortcut files.
Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the.
The attackers craft a Windows shortcut file to evade the SmartScreen protection prompt by employing a.cpl file as part of a malicious payload delivery mechanism.
Again, if you didn't do so in November, it's high time to update your Windows installations or risk becoming the next victim of these data thieves.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/
Related news
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Windows 11 KB5043145 update released with 13 changes and fixes (source)
- Windows 11 KB5043145 update causes reboot loops, blue screens (source)
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Fake browser updates spread updated WarmCookie malware (source)
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Windows 11 KB5044284 and KB5044285 cumulative updates released (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- OilRig Exploits Windows Kernel Flaw in Espionage Campaign Targeting UAE and Gulf (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |