Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
2024-03-13 21:26

A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers.

Tracked as CVE-2024-21412, the flaw is in Windows Defender SmartScreen and allows specially crafted downloaded files to bypass its security warnings.

Microsoft fixed the flaw in mid-February, with Trend Micro disclosing that the financially motivated Water Hydra hacking group previously exploited it as a zero-day to drop their DarkMe malware onto traders' systems.

Upon execution of the MSI installer, another DLL sideloading flaw involving the "Libcef.dll" file and a loader named "Sqlite3.dll" will decrypt and execute the DarkGate malware payload on the system.



News URL

https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-darkgate-malware/

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
| 2024-02-13 | CVE-2024-21412 | Unspecified vulnerability in Microsoft products: Internet Shortcut Files Security Feature Bypass Vulnerability | 8.1 (network, low complexity, microsoft) |