January 16, 2024 at 02:45AM
Threat actors are exploiting a patched security flaw in Microsoft Windows to deploy the Phemedrone Stealer, which targets web browsers, cryptocurrency wallets, and messaging apps. The flaw, CVE-2023-36025, lets attackers bypass Windows Defender SmartScreen warnings. Microsoft fixed it in November 2023, but hosts that have not applied the update remain exposed, and the campaign shows how quickly attackers fold newly disclosed flaws into their tooling.
From the meeting notes on Jan 16, 2024, the key takeaways are:
1. Threat actors are leveraging a now-patched security flaw in Microsoft Windows (CVE-2023-36025) to deploy an open-source information stealer called Phemedrone Stealer.
2. Phemedrone Stealer harvests data from web browsers, cryptocurrency wallets, and messaging and gaming apps such as Telegram, Discord, and Steam, and can also take screenshots and gather system information.
3. The attack relies on tricking users into opening specially crafted Internet Shortcut (.url) files. The shortcut connects to an actor-controlled server and executes a chain of malicious files that ultimately deploys Phemedrone Stealer; the SmartScreen bypass is what lets this happen without the usual warning prompt for content from the internet.
4. Although the flaw has been patched, threat actors continue to exploit CVE-2023-36025 on systems that have not applied the fix, evading Windows Defender SmartScreen protections.
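The shortcut-based delivery in item 3 is the part a defender can hunt for on disk or in mail attachments. The script below is an added example, not code from the original report, from Trend Micro, or from Microsoft: it parses Internet Shortcut (.url) files and flags those whose target is an executable resource on a remote host, which is the generic shape of the lure described above. The host 203.0.113.10, the sample shortcuts and the extension list are constructed assumptions for illustration, not indicators from the Phemedrone campaign.

```python
"""Triage Windows Internet Shortcut (.url) files for targets that fetch
executable content from a remote host.

Added example for this summary; it is not code from the original report,
from Trend Micro, or from Microsoft. The host 203.0.113.10, the sample
shortcuts and the extension list are constructed assumptions, not
indicators from the Phemedrone campaign.
"""
import configparser
import posixpath
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import unquote, urlsplit

# Extensions that Windows executes (or hands to a Control Panel / script
# host) when the shortcut target is opened. Assumed list, extend as needed.
EXECUTABLE_EXTENSIONS = {
    ".cpl", ".exe", ".dll", ".scr", ".hta", ".js", ".jse", ".vbs",
    ".wsf", ".bat", ".cmd", ".ps1", ".lnk", ".msi",
}


@dataclass
class Finding:
    target: str                                   # the URL= value
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_url_shortcut(text: str) -> Optional[str]:
    """Return the URL= value of the [InternetShortcut] section, or None if
    the text is not a well-formed Internet Shortcut (INI-style file)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text.lstrip("\ufeff").replace("\r\n", "\n"))
    except configparser.Error:
        return None
    for section in cp.sections():            # section names are case-sensitive
        if section.lower() == "internetshortcut":
            value = cp[section].get("url")   # option names are lowercased
            return value.strip() if value else None
    return None


def assess_target(target: str) -> Finding:
    """Flag shortcut targets that point at remote executable content."""
    finding = Finding(target)
    parts = urlsplit(target)
    scheme = parts.scheme.lower()

    # file://host/share/x resolves to a UNC path, which Windows fetches over
    # SMB or WebDAV before opening it; a bare \\host\share\x is the same thing.
    if scheme == "file" and parts.netloc:
        finding.reasons.append(f"file:// target on remote host {parts.netloc}")
    elif target.startswith("\\\\"):
        finding.reasons.append("UNC target on remote host")

    # Extract the extension of the last path component, either separator style.
    path = unquote(parts.path).replace("\\", "/")
    ext = posixpath.splitext(path.rsplit("/", 1)[-1])[1].lower()
    if ext in EXECUTABLE_EXTENSIONS:
        finding.reasons.append(f"target is an executable resource ({ext})")
    return finding


def triage_shortcut(text: str) -> Optional[Finding]:
    target = parse_url_shortcut(text)
    return None if target is None else assess_target(target)


def suspicious_files(files: Dict[str, str]) -> List[str]:
    """Names of the files (name -> content) that trigger at least one reason."""
    return sorted(
        name for name, text in files.items()
        if (f := triage_shortcut(text)) is not None and f.suspicious
    )


# Constructed sample inputs (not real campaign artifacts).
SAMPLES = {
    "benign.url": "[InternetShortcut]\r\nURL=https://www.example.com/docs\r\n",
    "remote_cpl.url": "[InternetShortcut]\r\nURL=file://203.0.113.10/share/invoice.cpl\r\nIconIndex=0\r\n",
    "unc_exe.url": "[InternetShortcut]\r\nURL=\\\\203.0.113.10\\share\\update.exe\r\n",
    "not_a_shortcut.txt": "hello\r\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        f = triage_shortcut(text)
        status = "not a .url" if f is None else ("SUSPICIOUS" if f.suspicious else "ok")
        print(f"{name}: {status}" + (f" {f.reasons}" if f and f.suspicious else ""))
```

A legitimate .url file almost always points at an http(s) web page, so both checks (remote file:// or UNC target, executable extension) are rare in benign shortcuts; run the triage over mail attachments and user Downloads folders and review anything that matches.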
The campaign illustrates the ongoing threat from attackers exploiting Windows security vulnerabilities. The practical measures are to apply the November 2023 (or later) Windows security update that fixes CVE-2023-36025 and to treat Internet Shortcut (.url) files from untrusted sources as a potential malware delivery vector.