Security News > 2024 > February > Hackers used new Windows Defender zero-day to drop DarkMe malware
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan.
The hacking group was spotted using the zero-day in attacks on New Year's Eve day by Trend Micro security researchers.
CVE-2023-36025 was patched during the November 2023 Patch Tuesday, and, as Trend Micro revealed last month, it was also exploited to bypass Windows security prompts when opening URL files to deploy the Phemedrone info-stealer malware.
The attackers' goal was to trick targeted traders into installing the DarkMe malware via social engineering.
They used a high-severity vulnerability in the WinRAR software used by over 500 million users to compromise trading accounts several months before a patch was available.
News URL
Related news
- Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- FBI wipes Chinese PlugX malware from thousands of Windows PCs in America (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Hackers get $886,250 for 49 zero-days at Pwn2Own Automotive 2025 (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |