Why we update... Data-thief malware exploits SmartScreen on unpatched Windows PCs
Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and leak.
That file exploits CVE-2023-36025 to evade the Windows SmartScreen as it downloads and opens a .cpl file, which is a Windows control panel item.
CVE-2023-36025 affects Microsoft Windows Defender SmartScreen and stems from the lack of checks and associated prompts on Internet Shortcut files.
Microsoft Windows Defender SmartScreen should warn users with a security prompt before executing the.
The attackers craft a Windows shortcut file to evade the SmartScreen protection prompt by employing a .cpl file as part of a malicious payload delivery mechanism.
Again, if you didn't do so in November, it's high time to update your Windows installations or risk becoming the next victim of these data thieves.
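A triage heuristic for the delivery pattern described above, added here as an example (it is not code from the article or from Microsoft): it parses Internet Shortcut (.url) files and flags any whose target is a remotely hosted .cpl item. The sample shortcuts, host names and verdict labels are constructed for illustration.

```python
import configparser
from urllib.parse import urlparse

RISKY_EXTENSIONS = (".cpl",)   # the control panel item type named in the article

def shortcut_target(text):
    """Return the URL= value of a .url file's [InternetShortcut] section, or None."""
    parser = configparser.RawConfigParser(strict=False)  # Raw: '%' in URLs is literal
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser.get(section, "url", fallback=None)
    return None

def classify(text):
    """Heuristic verdict: 'alert', 'review', 'ok' or 'unparsed' (labels are this example's)."""
    target = shortcut_target(text)
    if not target:
        return "unparsed"
    parsed = urlparse(target)
    is_unc = target.startswith("\\\\")
    remote = (is_unc or parsed.scheme in ("http", "https")
              or (parsed.scheme == "file" and bool(parsed.netloc)))
    risky = parsed.path.lower().endswith(RISKY_EXTENSIONS)
    if risky and remote:
        return "alert"      # shortcut opens a remotely hosted control panel item
    if risky:
        return "review"     # local .cpl target: unusual for an Internet Shortcut
    return "ok"

# Constructed samples; host names use the reserved .invalid TLD.
SAMPLES = {
    "invoice.url": "[InternetShortcut]\nURL=file://files.example.invalid/share/settings.cpl\nIconIndex=0\n",
    "unc.url": "[InternetShortcut]\nURL=\\\\files.example.invalid\\share\\settings.cpl\n",
    "bookmark.url": "[InternetShortcut]\nURL=https://www.example.invalid/docs?id=1\n",
    "local.url": "[InternetShortcut]\nURL=file:///C:/Windows/System32/desk.cpl\n",
    "broken.url": "URL=https://www.example.invalid/\n",
}

def scan(samples):
    return {name: classify(body) for name, body in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:9} {name}")
```

A match is a lead for review of mail attachments and download folders, not proof of exploitation; patch status for CVE-2023-36025 remains the deciding control.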
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/12/windows_phemedrone_stealer/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |