Security News > 2024 > February > Hackers used new Windows Defender zero-day to drop DarkMe malware
Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan.
The hacking group was spotted using the zero-day in attacks on New Year's Eve day by Trend Micro security researchers.
CVE-2023-36025 was patched during the November 2023 Patch Tuesday, and, as Trend Micro revealed last month, it was also exploited to bypass Windows security prompts when opening URL files to deploy the Phemedrone info-stealer malware.
The attackers' goal was to trick targeted traders into installing the DarkMe malware via social engineering.
They used a high-severity vulnerability in the WinRAR software used by over 500 million users to compromise trading accounts several months before a patch was available.
News URL
Related news
- Hackers abuse Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Researchers claim Windows Defender can be fooled into deleting databases (source)
- Windows Kernel bug fixed last month exploited as zero-day since August (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers Exploit ConnectWise ScreenConnect Flaws to Deploy TODDLERSHARK Malware (source)
- Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-14 | CVE-2023-36025 | Unspecified vulnerability in Microsoft products Windows SmartScreen Security Feature Bypass Vulnerability | 8.8 |