Hackers Exploit Windows Smartscreen Flaw to Drop Darkgate Malware
-
Hackers Exploit Windows Smartscreen Flaw to Drop Darkgate Malware
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that displays a warning when users attempt to run unrecognized or suspicious files downloaded from the internet. The flaw tracked as CVE-2024-21412 is a Windows Defender SmartScreen flaw that allows specially crafted downloaded files to bypass these security warnings. Attackers can exploit the flaw by creating a Windows Internet shortcut (.url file) that points to another .url file hosted on a remote SMB share, which would cause the file at the final location to be executed automatically. Microsoft fixed the flaw in mid-February, Pikabot has filled the void created by QBot's disruption last summer and is used by multiple cybercriminals for malware distribution. Trend Micro has published the complete list of the indicators of compromise (IoCs) for this DarkGate campaign on this webpage.
ที่มาแหล่งข่าว
https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-darkgate-malware/สามารถติดตามข่าวสารได้ที่ webboard หรือ Facebook NCSA Thailand