Security News > 2024 > January > Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak.
That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a.cpl file, which is a Windows control panel item.
CVE-2023-36025 affects Microsoft Windows Defender SmartScreen and stems from the lack of checks and associated prompts on Internet Shortcut files.
Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the.
The attackers craft a Windows shortcut file to evade the SmartScreen protection prompt by employing a.cpl file as part of a malicious payload delivery mechanism.
Again, if you didn't do so in November, it's high time to update your Windows installations or risk becoming the next victim of these data thieves.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/
Related news
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- Microsoft lifts Windows 11 update block for some AutoCAD users (source)
- Windows 11 KB5053598 & KB5053602 cumulative updates released (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- Microsoft: Recent Windows updates make USB printers print random text (source)
- Microsoft: March Windows updates mistakenly uninstall Copilot (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Microsoft fixes Windows update bug that uninstalled Copilot (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- Windows 11 update breaks Veeam recovery, causes connection errors (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |