- Cybercriminals are using a vulnerability in Microsoft Defender SmartScreen to deploy various types of malware, including ARC Stealer, Lumma, and Meduza.
- The flaw, tracked as CVE-2024-21412, allows attackers to bypass Windows Defender’s protections, affecting users in Spain, Thailand, and the US.
OUR TAKE
The ongoing exploitation of the Microsoft Defender SmartScreen vulnerability highlights the persistent threat of cyber attacks targeting security weaknesses. The rapid deployment of sophisticated infostealers underscores the need for timely updates and vigilant security practices.
— Zoey Zhu, BTW reporter
What happened
A critical vulnerability in Microsoft Defender SmartScreen, tracked as CVE-2024-21412, is being actively exploited by cybercriminals to spread malware. FortiGuard Labs has reported a new campaign targeting victims in Spain, Thailand, and the US with malware variants such as ARC Stealer, Lumma, and Meduza. This flaw enables attackers to bypass SmartScreen’s defenses, which are designed to protect users from online threats.
The exploitation begins when victims click on a crafted link that downloads an LNK file, which in turn executes an HTML Application script. This vulnerability was first identified in mid-February 2024, with Trend Micro noting its abuse by the threat actor Water Hydra (DarkCasino) targeting crypto traders. Despite Microsoft releasing a patch for the flaw on February 13, 2024, it continues to be a target for cybercriminals.
Also read: Microsoft launches fix for CrowdStrike-affected Windows PCs
Also read: Open AI, Nvidia, Google and others form AI security alliance
Why it’s important
The ongoing exploitation of CVE-2024-21412 illustrates the growing sophistication and persistence of cyber threats, underscoring the critical need for timely and effective security measures. This vulnerability’s exploitation demonstrates how cybercriminals are adapting their strategies to bypass even advanced security features like Microsoft Defender SmartScreen. The use of infostealers such as ARC Stealer, Lumma, and Meduza reflects a shift towards more targeted attacks designed to extract sensitive information, including personal files, login credentials, and cryptocurrency data.
This attack highlights the importance of regular software updates and the implementation of security patches to mitigate vulnerabilities before they can be exploited. The evolving nature of these threats calls for heightened vigilance from both individuals and organisations. Ensuring that security measures are up-to-date and that users are educated about potential risks are crucial steps in defending against such sophisticated cyber attacks. The incident also serves as a reminder of the need for continuous improvement in cybersecurity practices to safeguard against emerging threats.