July 24, 2024 at 03:04AM
A Microsoft Defender SmartScreen security flaw, CVE-2024-21412, was exploited in a campaign targeting Spain, Thailand, and the U.S. to deliver ACR Stealer, Lumma, and Meduza. Attackers use booby-trapped files to drop malicious payloads, bypassing SmartScreen protection. This highlights the ongoing threat of information stealers and the need for vigilance in downloading applications.
From the meeting notes, it is clear that there have been significant developments in the area of malvertising and threat intelligence. A new campaign has been identified, targeting Spain, Thailand, and the U.S., utilizing booby-trapped files that exploit a now-patched security flaw in Microsoft Defender SmartScreen. The campaign delivers information stealers such as ACR Stealer, Lumma, and Meduza.
The attackers initially lure victims into clicking a crafted link to a URL file, which then downloads an LNK file, ultimately leading to the deployment of various information stealers. Notably, ACR Stealer has been recognized as an evolved version of the GrMsk Stealer, utilizing a dead drop resolver technique to hide its [command-and-control].
Furthermore, recent attacks have been observed utilizing macros in Microsoft Word documents to deliver a previously undocumented information stealer called Daolpu, which is capable of harvesting credentials and cookies from various browsers.
In addition to these developments, new stealer malware families such as Braodo and DeerStealer have emerged, and cybercriminals are exploiting malvertising techniques to promote legitimate software such as Microsoft Teams to deploy Atomic Stealer.
Overall, the meeting notes highlight the evolving nature of cyber threats and the need for heightened vigilance and security measures to combat these sophisticated attacks.