Security News > 2024 > January > Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs

Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
2024-01-12 23:54

Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak.

That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a.cpl file, which is a Windows control panel item.

CVE-2023-36025 affects Microsoft Windows Defender SmartScreen and stems from the lack of checks and associated prompts on Internet Shortcut files.

Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the.

The attackers craft a Windows shortcut file to evade the SmartScreen protection prompt by employing a.cpl file as part of a malicious payload delivery mechanism.

Again, if you didn't do so in November, it's high time to update your Windows installations or risk becoming the next victim of these data thieves.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-36025 Unspecified vulnerability in Microsoft products
Windows SmartScreen Security Feature Bypass Vulnerability
network
low complexity
microsoft
8.8