DarkGate malware operators are exploiting a now-fixed Windows Defender SmartScreen vulnerability to automatically install fake software installers and drop their malware onto targeted systems. The flaw, tracked as CVE-2024-21412, allows specially crafted downloaded files to bypass security warnings. The attack involves a complex and multi-step infection chain, utilizing malicious emails, open redirects, Windows shortcuts, and MSI files masquerading as legitimate software. Trend Micro has detailed the DarkGate infection chain and published indicators of compromise (IoCs) for this campaign, urging users to apply Microsoft's February 2024 Patch Tuesday update to mitigate the risk.
The Mispadu banking Trojan has been observed exploiting a now-patched Windows SmartScreen security flaw to target users in Mexico, with phishing emails being the primary method of propagation. This Delphi-based malware has been active in the Latin American region, harvesting over 90,000 bank account credentials since August 2022. The exploit involves the use of rogue internet shortcut files within fake ZIP archives to bypass SmartScreen warnings, allowing the malware to selectively target victims and establish contact with a command-and-control server for data exfiltration. Additionally, the article highlights the use of DICELOADER by the Russian e-crime group FIN7 and the discovery of new malicious cryptocurrency mining campaigns by AhnLab.
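A defender-side check for the rogue-internet-shortcut-in-ZIP lure described above, added here as an example and not code from any of the cited reports: it opens an archive, parses each `.url` entry and flags targets that point at a remote share or at another shortcut or installer instead of a web page. The archive contents, the 203.0.113.7 address and the flagging heuristics are constructed for illustration.

```python
import configparser
import io
import zipfile
from urllib.parse import urlparse

# Schemes that make Windows open a share or local path instead of a web page.
REMOTE_SCHEMES = {"file", "smb", "dav", "webdav"}

def shortcut_target(data: bytes):
    """Return the URL= value of an Internet Shortcut (.url) file, or None."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(data.decode("utf-8", errors="replace"))
    except configparser.Error:
        return None
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser[section].get("url")
    return None

def suspicion_reason(url: str):
    """Constructed heuristic: why a shortcut target looks like a SmartScreen-bypass lure."""
    target = url.strip()
    if target.startswith("\\\\") or urlparse(target).scheme.lower() in REMOTE_SCHEMES:
        return "points at a remote share or local file rather than a web page"
    if target.lower().endswith((".url", ".lnk", ".msi")):
        return "target is itself a shortcut or installer"
    return None

def scan_zip(zip_bytes: bytes) -> list:
    """Flag every .url entry in the archive whose target looks suspicious."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".url"):
                continue
            url = shortcut_target(zf.read(name))
            reason = suspicion_reason(url) if url else "unparseable shortcut"
            if reason:
                findings.append({"entry": name, "url": url, "reason": reason})
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: one benign web shortcut, one remote-share lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs.url", "[InternetShortcut]\r\nURL=https://example.com/docs\r\n")
        zf.writestr("invoice.pdf.url",
                    "[InternetShortcut]\r\nURL=file://203.0.113.7/share/invoice.url\r\n")
    return buf.getvalue()
```

Run `scan_zip(build_sample_zip())` to see only the `invoice.pdf.url` entry reported; the benign web shortcut produces no finding.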
Hackers are exploiting a high-severity vulnerability in Windows SmartScreen to spread the Phemedrone info-stealing malware, bypassing security warnings and potentially compromising user data. Installing the latest Windows security patches is crucial; the attackers also host the malicious files on trusted cloud services and hide them behind URL shorteners to disguise them. Users are advised to be cautious when downloading files and to stick to trusted sources, since hackers may use compromised accounts to spread malware. While the SmartScreen flaw has been patched, vigilance and regular software updates remain essential against evolving cyber threats.