Security News > 2024 > February > Hackers used new Windows Defender zero-day to drop DarkMe malware
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan.
The hacking group was spotted using the zero-day in attacks on New Year's Eve day by Trend Micro security researchers.
CVE-2023-36025 was patched during the November 2023 Patch Tuesday, and, as Trend Micro revealed last month, it was also exploited to bypass Windows security prompts when opening URL files to deploy the Phemedrone info-stealer malware.
The attackers' goal was to trick targeted traders into installing the DarkMe malware via social engineering.
They used a high-severity vulnerability in the WinRAR software used by over 500 million users to compromise trading accounts several months before a patch was available.
News URL
Related news
- Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware (source)
- Windows MSHTML zero-day used in malware attacks for over a year (source)
- Andariel Hackers Target South Korean Institutes with New Dora RAT Malware (source)
- Hackers Use MS Excel Macro to Launch Multi-Stage Malware Attack in Ukraine (source)
- Hackers Exploit Legitimate Packer Software to Spread Malware Undetected (source)
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw (source)
- Ransomware crew may have exploited Windows make-me-admin bug as a zero-day (source)
- New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems (source)
- Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |