Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak.
That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a .cpl file, which is a Windows control panel item.
CVE-2023-36025 affects Microsoft Windows Defender SmartScreen and stems from the lack of checks and associated prompts on Internet Shortcut files.
Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the.
The attackers craft a Windows shortcut file to evade the SmartScreen protection prompt by employing a .cpl file as part of a malicious payload delivery mechanism.
Again, if you didn't do so in November, it's high time to update your Windows installations or risk becoming the next victim of these data thieves.
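A triage heuristic for the pattern described above, as an added example (not code from the article or from Microsoft): it parses an Internet Shortcut file and flags a `URL=` target that is remote and ends in `.cpl` or another directly launchable extension. The extensions beyond `.cpl`, the function names and the sample file contents are assumptions constructed for illustration.

```python
import configparser
from urllib.parse import unquote, urlparse

# .cpl is the payload type named in the article; the other extensions are an
# assumption added so the check covers similar directly launchable targets.
LAUNCHABLE = (".cpl", ".exe", ".dll", ".msi", ".hta", ".vbs", ".js")

# Constructed sample shortcut contents (documentation-range address and domain).
SAMPLE_SUSPICIOUS = "[InternetShortcut]\nURL=file://198.51.100.7/share/statement.cpl\nIconIndex=0\n"
SAMPLE_BENIGN = "[InternetShortcut]\nURL=https://example.test/docs/index.html\n"


def shortcut_target(text):
    """Return the URL= value of an Internet Shortcut, or None if malformed."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    for section in parser.sections():
        # Windows matches section and key names case-insensitively.
        if section.lower() == "internetshortcut":
            return parser[section].get("url")
    return None


def assess_shortcut(text):
    """Return a list of reasons the shortcut deserves analyst review."""
    target = shortcut_target(text)
    if target is None:
        return ["no parsable URL= entry"]
    target = target.strip()
    parsed = urlparse(target)
    path = unquote(parsed.path).lower()
    remote = (
        parsed.scheme in ("http", "https")
        or (parsed.scheme == "file" and parsed.netloc not in ("", "localhost"))
        or target.startswith("\\\\")  # bare UNC path
    )
    reasons = []
    if remote and path.endswith(LAUNCHABLE):
        reasons.append("remote target with launchable extension: " + target)
    if remote and path.endswith(".cpl"):
        reasons.append("control panel item (.cpl) fetched from remote host")
    return reasons
```

Run it over `.url` files collected from mail attachments or download folders; a hit is a reason to review the file, not proof of exploitation.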
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |