Hackers are exploiting a zero-day vulnerability in Windows Defender SmartScreen to infect cryptocurrency traders with malware.
Researchers at Trend Micro revealed that a threat actor called Water Hydra (also known as DarkCasino) abused a zero-day, now tracked as CVE-2024-21412, in attacks conducted on New Year's Eve 2023.
Microsoft has since released a patch and, in a follow-up advisory, explained that an unauthenticated attacker “could send the targeted user a file specially crafted to bypass displayed security controls.”
Spearphishing on Telegram
Microsoft further explained that the attack still depends on the victim's action: “However, the attacker would have no way to force a user to view attacker-controlled content. Instead, the attacker would have to convince the user to act by clicking on the file link.”
Trend Micro claims that Water Hydra was joining Telegram channels and forums for forex, stock and cryptocurrency traders, and used phishing techniques to get people to install the DarkMe malware. The group shared a stock chart linked to fxbulls[.]ru, a compromised Russian trading information site that actually impersonates fxbulls[.]com, a forex broker platform.
DarkMe, while dangerous on its own, was just a step toward the ultimate goal, which was to deploy ransomware, researchers say.
“In late December 2023, we began tracking a campaign from the Water Hydra group that contained similar tools, tactics, and procedures (TTPs) involving the abuse of Internet shortcuts (.URL) and Web-based Distributed Authoring and Versioning (WebDAV) components,” Trend Micro explained.
“We concluded that calling a shortcut within a shortcut was sufficient to evade SmartScreen, which did not properly apply Mark-of-the-Web (MotW), a critical Windows component that alerts users when they open or run files from an untrusted source.”
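As an added illustration (not from the original article or from Trend Micro's research), the following Python snippet shows how a defender could triage .URL internet-shortcut files for the pattern described above: a shortcut whose target is a WebDAV share (host@80 or host@SSL@443) or another .url file. The sample file contents are constructed for this example, and the 203.0.113.0/24 addresses are documentation placeholders, not real hosts.

```python
import configparser
import re
from dataclasses import dataclass

# Constructed sample .URL files (hypothetical; 203.0.113.0/24 is a documentation range).
SAMPLES = {
    "benign.url": "[InternetShortcut]\nURL=https://example.com/chart.png\n",
    "nested.url": "[InternetShortcut]\nURL=file://203.0.113.10@80/pub/chart.jpg.url\nIconIndex=0\n",
    "unc_webdav.url": "[InternetShortcut]\nURL=\\\\203.0.113.10@SSL@443\\dav\\update.url\n",
}

# Matches WebDAV-style targets: \\host@80\..., \\host@SSL@443\..., file://host@80/...
WEBDAV_HOST = re.compile(r"^(?:file:)?[\\/]{2}[^\\/@]+@(?:SSL@)?\d+[\\/]", re.IGNORECASE)


@dataclass
class Finding:
    name: str
    target: str
    webdav: bool            # target is served over WebDAV rather than a local path or http(s)
    nested_shortcut: bool   # target is itself another .url file ("shortcut within a shortcut")

    @property
    def suspicious(self) -> bool:
        return self.webdav or self.nested_shortcut


def parse_url_target(text: str) -> str:
    """Return the URL= value from the [InternetShortcut] section (empty string if absent)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp.get("InternetShortcut", "URL", fallback="").strip()


def inspect(name: str, text: str) -> Finding:
    target = parse_url_target(text)
    return Finding(
        name=name,
        target=target,
        webdav=bool(WEBDAV_HOST.match(target)),
        nested_shortcut=target.lower().endswith(".url"),
    )


def scan(samples: dict) -> list:
    """Triage every sample; callers can filter on Finding.suspicious."""
    return [inspect(name, text) for name, text in samples.items()]


if __name__ == "__main__":
    for finding in scan(SAMPLES):
        flag = "SUSPICIOUS" if finding.suspicious else "ok"
        print(f"{finding.name}: {flag} -> {finding.target}")
```

On a real endpoint the same check would run over .URL files dropped in Downloads or mail attachment folders, and a hit on either flag is a reasonable trigger for quarantine and analyst review.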
The crypto industry has always been a popular target for cybercriminals. However, with bitcoin exchange-traded funds (ETFs) finally approved and Bitcoin halving in just two months, the crypto industry is primed for another spectacular bull run. This, as has happened in the past, will also attract more criminals.
Via BleepingComputer