Microsoft Defender’s security breach enables spread of dangerous malware

Headline

Context

OUR TAKE The ongoing exploitation of the Microsoft Defender SmartScreen vulnerability highlights the persistent threat of cyber attacks targeting security weaknesses. The rapid deployment of sophisticated infostealers underscores the need for timely updates and vigilant security practices. — Zoey Zhu, BTW reporter

A critical vulnerability in Microsoft Defender SmartScreen, tracked as CVE-2024-21412, is being actively exploited by cybercriminals to spread malware. FortiGuard Labs has reported a new campaign targeting victims in Spain, Thailand, and the US with malware variants such as ARC Stealer, Lumma, and Meduza. The flaw lets attackers bypass SmartScreen's defenses, which are designed to protect users from online threats.

Evidence

Pending intelligence enrichment.

Analysis

The exploitation begins when victims click on a crafted link that downloads an LNK file, which in turn executes an HTML Application (HTA) script. The vulnerability was first identified in mid-February 2024, when Trend Micro noted its abuse by the threat actor Water Hydra (DarkCasino) against crypto traders. Although Microsoft released a patch for the flaw on February 13, 2024, it continues to be targeted by cybercriminals.

The ongoing exploitation of CVE-2024-21412 illustrates the growing sophistication and persistence of cyber threats, underscoring the critical need for timely and effective security measures. It also shows how cybercriminals adapt their strategies to bypass even advanced security features such as Microsoft Defender SmartScreen. The use of infostealers such as ARC Stealer, Lumma, and Meduza reflects a shift towards more targeted attacks designed to extract sensitive information, including personal files, login credentials, and cryptocurrency data.
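The LNK-to-HTA step described above is the part of the chain a defender can watch for in endpoint telemetry. The following detection sketch is an added example, not code from the article or from FortiGuard Labs: it scans constructed process-creation events (field names are assumptions modelled on Sysmon-style records) and flags the Windows HTA host, mshta.exe, when it is given a remote URL or an .hta file in a user-writable location, noting when the launch came from Explorer as a shortcut double-click would.

```python
import re

# mshta.exe is the Windows host that runs HTML Application (.hta) scripts.
HTA_HOST = "mshta.exe"
# Indicators of the "LNK executes an HTA" step: remote content, or an .hta dropped
# into a user-writable folder. The folder list is an assumption for this example.
REMOTE = re.compile(r"https?://", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(downloads|temp|appdata)\\.*\.hta\b", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-case file name of a Windows path (handles either slash style)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def flag_hta_launches(events):
    """Return one finding per event that looks like the LNK -> HTA chain."""
    findings = []
    for ev in events:
        if basename(ev["image"]) != HTA_HOST:
            continue
        cmd = ev.get("command_line", "")
        reasons = []
        if REMOTE.search(cmd):
            reasons.append("mshta fetching remote content")
        if USER_WRITABLE.search(cmd):
            reasons.append("hta in user-writable path")
        if not reasons:          # a local .hta in a vendor folder is ordinary, skip it
            continue
        if basename(ev.get("parent_image", "")) == "explorer.exe":
            reasons.append("launched from Explorer (shortcut double-click)")
        findings.append({"pid": ev["pid"], "reasons": reasons})
    return findings


# Constructed sample events (not real telemetry); the hostname is a placeholder.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\mshta.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "mshta.exe https://example.invalid/update.hta"},
    {"pid": 4188, "image": r"C:\Windows\System32\mshta.exe", "parent_image": r"C:\Windows\System32\msiexec.exe",
     "command_line": r'mshta.exe "C:\Program Files\Vendor\setup.hta"'},
    {"pid": 4201, "image": r"C:\Windows\System32\notepad.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "notepad.exe notes.txt"},
    {"pid": 4377, "image": r"C:\Windows\System32\mshta.exe", "parent_image": r"C:\Windows\System32\cmd.exe",
     "command_line": r"mshta.exe C:\Users\alice\AppData\Local\Temp\inv.hta"},
]

if __name__ == "__main__":
    for finding in flag_hta_launches(SAMPLE_EVENTS):
        print(finding)
```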

Key Points

  • Cybercriminals are using a vulnerability in Microsoft Defender SmartScreen to deploy various types of malware, including ARC Stealer, Lumma, and Meduza.
  • The flaw, tracked as CVE-2024-21412, allows attackers to bypass Windows Defender’s protections, affecting users in Spain, Thailand, and the US.

Actions

Pending intelligence enrichment.

Author

Zoey Zhu