Hackers are always looking for clever ways to bypass the best anti-virus software in order to successfully distribute malware, and now it appears they have found a way to bypass one of Windows Defender's built-in security mechanisms.
As reported by BleepingComputer, a new campaign to spread Phemedrone information-stealing malware exploits a high-severity vulnerability in Windows SmartScreen (tracked as CVE-2023-36025).
Even if you have never heard of Windows SmartScreen, you are probably familiar with this feature. Normally, when you open a URL (Internet shortcut) file downloaded from the web, a security warning pops up to inform you that this type of file is dangerous. However, by exploiting this vulnerability in Windows SmartScreen, hackers can turn off these prompts completely, resulting in more users opening malicious files.
If you are worried about accidentally downloading a dangerous file and infecting your PC with malware, here is all you need to know about this new campaign and some tips to keep you safe online.
According to a new report from Trend Micro, in addition to Phemedrone, there is another malware family that exploits this Windows SmartScreen vulnerability to trick unsuspecting users into opening dangerous files.
One way the hackers behind this and similar campaigns make malicious files appear less dangerous is by hosting them on trusted cloud services such as Discord or FileTransfer.io. They also use URL shortening services to further disguise themselves.
When these malicious URL files are opened, a Control Panel item (.cpl) file is downloaded from a command-and-control (C&C) server run by the hackers behind this campaign. This file is used to launch a PowerShell loader that retrieves a malicious ZIP file containing the Phemedrone malware disguised as a PDF file labeled "Secure.pdf".
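Two defender-side checks for the chain described above, written as an added example (not code from the article or from Trend Micro): the first parses a Windows Internet Shortcut (.url) file and flags targets that would deliver a .cpl file; the second walks process-creation events and flags a .cpl host that spawns PowerShell. The sample .url contents and the Sysmon-like event shape (pid, ppid, image, cmdline) are constructed assumptions, not real telemetry.

```python
"""Triage helpers for .url -> .cpl -> PowerShell infection chains (constructed data)."""
import configparser

# Constructed .url file contents; the Windows Internet Shortcut format is INI-like.
SAMPLE_URL_FILES = {
    "invoice.url": "[InternetShortcut]\nURL=https://example.invalid/docs/invoice.pdf\n",
    "report.url": "[InternetShortcut]\nURL=https://example.invalid/files/report.cpl\n",
}


def url_file_target(text):
    """Return the URL= target of an Internet Shortcut, or None if it is absent."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser.get("InternetShortcut", "URL", fallback=None)


def is_suspicious_url_file(text):
    """Flag shortcuts whose target path ends in .cpl (a Control Panel item)."""
    target = url_file_target(text)
    if target is None:
        return False
    path = target.split("?", 1)[0].split("#", 1)[0]  # drop query and fragment
    return path.lower().endswith(".cpl")


# Constructed process-creation events in a Sysmon-like shape (an assumption).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\control.exe",
     "cmdline": r'control.exe "C:\Users\u\Downloads\report.cpl"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -w hidden -nop"},
    {"pid": 400, "ppid": 100, "image": r"C:\Windows\System32\notepad.exe", "cmdline": "notepad.exe"},
]


def cpl_to_powershell_chains(events):
    """Return (parent_pid, child_pid) pairs where a process hosting a .cpl spawned PowerShell."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if not e["image"].lower().endswith("powershell.exe"):
            continue
        parent = by_pid.get(e["ppid"])
        if parent and ".cpl" in parent["cmdline"].lower():
            hits.append((parent["pid"], e["pid"]))
    return hits
```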
Once the Phemedrone malware is installed on the victim's PC, it can retrieve passwords, cookies, and autofill data from Chromium-based browsers and from several good password management tools, including LastPass and KeePass, all of which is stored on the victim's PC. It can also steal funds from crypto wallets as well as files and folders stored on the victim's PC.
This SmartScreen flaw has already been patched. This means that by updating your PC with the latest Windows security updates, you can protect yourself from attacks that exploit this highly critical flaw.
As they often do, hackers love to prey on users who have not yet updated their best laptops and best computers with the latest software. While it may seem annoying at times, installing updates from Microsoft as soon as they become available is one of the easiest ways to stay safe from hackers and other cybercriminals.
Attacks like the above can bypass the best Windows antivirus software, so it is up to you to make sure you do not download or attempt to open potentially dangerous files. If you don't pirate games or movies, you are already off to a good start, as most malware is spread this way. Likewise, you want to be very careful when downloading files from colleagues, friends, and even family members. This is because hackers may be trying to compromise their accounts and use their contacts as a means to further spread their malicious payloads.
For this reason, you want to be sure to download files from trusted sites and sources; Google, Microsoft, and other tech giants frequently scan files stored on the best cloud storage services for malware and other threats.
The Windows SmartScreen flaw may have been fixed, but hackers will likely continue to exploit it on PCs that have not yet installed the patch.