
Patched Microsoft Defender flaw still being used to deliver information-stealing malware to vulnerable machines


A high-severity vulnerability in Microsoft Defender SmartScreen is being used to deliver information-stealing malware in Spain, Thailand, and the U.S., security researchers say. The researchers discovered the stealer campaign using booby-trapped files to exploit the vulnerability and deliver information stealers such as ACR Stealer, Lumma, and Meduza.

Fortinet FortiGuard Labs observed the latest stealer campaign spreading multiple files that can sidestep Microsoft Defender’s SmartScreen to download malicious software to target computers. The security vulnerability is tracked as CVE-2024-21412.

Since Microsoft closed this security hole with an update released in February 2024, the news underscores the importance of installing security updates promptly. The disclosure comes on the heels of the CrowdStrike outage, which is also being leveraged to deliver malware, with reports that threat actors are delivering a fake recovery manual that delivers a previously undocumented stealer called Daolpu.

Security researcher Cara Lin said (via The Hacker News) that the attackers “lure victims into clicking a crafted link to a URL file designed to download an LNK file.” Once downloaded and opened, the LNK file downloads an executable file containing an HTML Application (HTA) script.

Next, the HTA decodes and decrypts obfuscated PowerShell code that retrieves decoy PDF files along with a shellcode injector. This shellcode injector then deploys and launches the malicious software. The malware transmits information from web browsers, crypto wallets, messaging apps, FTP and email clients, VPN services, and password managers through a dead drop resolver on the Steam community website, a popular gaming service.
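For defenders triaging mail or download folders, the first hop described above (an Internet Shortcut `.url` file whose target is an LNK) can be checked statically. The following is an added example, not code from the article or from Fortinet; the function names, the extension list, and the sample hostnames are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Extensions flagged in a shortcut target. LNK and HTA are the file types the
# article names in the chain; treating both as risky is this example's choice.
RISKY_EXTENSIONS = (".lnk", ".hta")

def shortcut_target(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep and section == "internetshortcut" and key.strip().lower() == "url":
            return value.strip()
    return None

def triage(text):
    """Classify one .url file body as 'suspicious', 'ok' or 'malformed'."""
    target = shortcut_target(text)
    if not target:
        return "malformed"
    try:
        path = urlsplit(target).path
    except ValueError:
        return "malformed"
    # Decode percent-escapes, drop query/fragment, and ignore the trailing
    # dots and spaces that Windows discards when resolving a file name.
    path = unquote(path).lower().rstrip("/ .")
    return "suspicious" if path.endswith(RISKY_EXTENSIONS) else "ok"

# Constructed samples; the hostnames are placeholders, not indicators.
SAMPLES = {
    "lnk_over_https": "[InternetShortcut]\nURL=https://files.example.test/docs/invoice.lnk\n",
    "encoded_ext": "[internetshortcut]\r\nurl = https://example.test/a%2ELNK?x=1\r\n",
    "unc_path": "[InternetShortcut]\nURL=\\\\fs.example.test\\share\\doc.lnk\n",
    "plain_page": "[InternetShortcut]\nURL=https://example.test/report.pdf\n",
    "no_section": "[Other]\nURL=https://example.test/x.lnk\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name}: {triage(body)}")
```

A "suspicious" result is a reason to quarantine and inspect the file, not proof of compromise.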

ACR Stealer targets a wide variety of popular applications. These include multiple versions of Google Chrome, Epic Privacy Browser, Vivaldi, Microsoft Edge, Opera, and Mozilla Firefox, to name a few. It also targets messenger apps including Telegram, Pidgin, Signal, Tox, Psi, Psi+, and WhatsApp, along with numerous FTP clients.

VPN services NordVPN and AzireVPN have also been targeted, as have password managers Bitwarden, NordPass, 1Password, and RoboForm. While the hijacked data from a password manager should be encrypted, there remains some risk of sensitive data being pulled from them. Fortinet has published a complete list of known targeted software.

Again, the Microsoft Defender SmartScreen vulnerability was patched in a February 2024 security update. However, if an organization doesn’t install such updates regularly, it remains vulnerable to the threat.


