January 12, 2024 at 07:00PM
Criminals exploit Windows Defender SmartScreen bypass vulnerability to spread Phemedrone Stealer malware, targeting sensitive data on PCs. The flaw CVE-2023-36025 was patched by Microsoft in November, but a proof-of-concept exploit has been created. The malware targets various browsers, applications, and cryptocurrency wallets, and uses obfuscation techniques to evade detection. Update Windows to protect against this threat.
Key takeaways:
– Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that targets sensitive information.
– The malware abuses CVE-2023-36025, which Microsoft patched in November, but a proof-of-concept exploit was produced after the patch.
– Phemedrone info-stealer targets various browsers and applications to lift sensitive information like passwords, cookies, and autofill data.
– The malware also targets cryptocurrency wallets and messaging apps, gathers telemetry data, takes screenshots, and exfiltrates information to the attackers.
– Phemedrone is delivered through a malicious .url file that exploits the Windows SmartScreen bypass flaw and triggers a multi-stage infection chain.
– The malware employs obfuscation techniques to evade detection.
The recommended action is to update Windows installations to mitigate the risk posed by the CVE-2023-36025 vulnerability and protect against potential attacks by the Phemedrone Stealer malware.