A new Windows Defender zero-day is already being exploited to drop dangerous malware
Hackers are exploiting a zero-day vulnerability in Windows Defender SmartScreen to infect crypto traders with malware.
Researchers from Trend Micro revealed a threat actor going by Water Hydra (AKA DarkCasino) abused the zero-day, now tracked as CVE-2024-21412, in attacks conducted on New Year’s Eve 2023.
Microsoft has since released a patch, and in a follow-up advisory, explained that an unauthenticated attacker “could send the targeted user a specially crafted file that is designed to bypass displayed security checks.”
Spearphishing on Telegram
Microsoft further explained that the attack still relies on victim action: “However, the attacker would have no way to force a user to view the attacker-controlled content. Instead, the attacker would have to convince them to take action by clicking on the file link.”
Trend Micro claims Water Hydra was joining Telegram channels and forums for forex, stock, and crypto traders, and used spearphishing techniques to get people to install the DarkMe malware. The group shared a stock chart that linked to fxbulls[.]ru, a compromised Russian trading information site that, in fact, impersonates fxbulls[.]com, a forex broker platform.
DarkMe, while dangerous on its own, was just a step towards the final goal, which was to deploy ransomware, the researchers claim.
“In late December 2023, we began tracking a campaign by the Water Hydra group that contained similar tools, tactics, and procedures (TTPs) that involved abusing internet shortcuts (.URL) and Web-based Distributed Authoring and Versioning (WebDAV) components,” Trend Micro explained.
“We concluded that calling a shortcut within another shortcut was sufficient to evade SmartScreen, which failed to properly apply Mark-of-the-Web (MotW), a critical Windows component that alerts users when opening or running files from an untrusted source.”
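As an added triage example, not code from TechRadar, Trend Micro or Microsoft, the following Python parses the INI-style body of a Windows internet shortcut (.URL) and flags the two traits the quote above describes: a target that is itself a shortcut, and a target reached over a remote file/UNC path such as a WebDAV share. The sample shortcut bodies and hostnames are constructed for the demonstration.

```python
import configparser
from urllib.parse import urlparse

SHORTCUT_EXTS = (".url", ".lnk")

def parse_internet_shortcut(text):
    """Return the URL= target of a Windows .URL file body (INI format), or None if absent."""
    cp = configparser.RawConfigParser(strict=False)  # tolerate duplicate keys, no interpolation
    cp.optionxform = str.lower                        # option names are case-insensitive
    cp.read_string(text.lstrip("\ufeff"))             # drop a UTF-8 BOM if present
    for section in cp.sections():
        if section.lower() == "internetshortcut":
            return cp.get(section, "url", fallback=None)
    return None

def classify_target(target):
    """List the reasons a shortcut target matches the nested-shortcut / remote-share pattern."""
    reasons = []
    t = target.strip()
    scheme = urlparse(t).scheme.lower()
    # A UNC path (\\host\share\...) or file:// URL pulls content from a remote share,
    # which is how a WebDAV-hosted file is reached instead of an ordinary http(s) page.
    if t.startswith(("\\\\", "//")) or scheme == "file":
        reasons.append("remote file/UNC target (possible WebDAV share)")
    # Strip query string and fragment before checking the referenced file's extension.
    path = t.lower().split("?", 1)[0].split("#", 1)[0]
    if path.endswith(SHORTCUT_EXTS):
        reasons.append("target is itself a shortcut (shortcut within a shortcut)")
    return reasons

def triage_shortcut(text):
    """Triage one .URL file body; 'suspicious' is True when any reason was found."""
    target = parse_internet_shortcut(text)
    reasons = classify_target(target) if target else []
    return {"target": target, "reasons": reasons, "suspicious": bool(reasons)}

# Constructed sample inputs (hostnames are placeholders, not campaign indicators):
# a plain web link, and a shortcut whose target is another shortcut on a file:// share.
BENIGN_URL_FILE = "[InternetShortcut]\r\nURL=https://example.invalid/chart.png\r\n"
NESTED_URL_FILE = "[InternetShortcut]\r\nURL=file://webdav.example.invalid/share/chart.url\r\n"

if __name__ == "__main__":
    for name, body in (("benign", BENIGN_URL_FILE), ("nested", NESTED_URL_FILE)):
        print(name, triage_shortcut(body))
```

Run over a mail gateway's or endpoint's quarantined .URL attachments, a hit on either reason is worth an analyst's look even though legitimate shortcuts to internal shares will also trigger the first rule.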
The crypto industry has always been a popular target for cybercriminals. However, with bitcoin exchange-traded funds (ETFs) finally approved, and the Bitcoin halving just two months away, the crypto industry is poised for yet another eye-watering bull run. As in the past, this will also attract more criminals.
Via BleepingComputer