Experts have warned that Windows PCs are being attacked by a new threat that is capable of bypassing your Defender antivirus solution.
The malware, called Phemedrone Stealer, steals sensitive data from the compromised device, such as passwords and authentication cookies, and leaks it to attackers, according to a new report from cybersecurity researchers Trend Micro.
According to the report, the malware searches for sensitive information stored in web browsers, cryptocurrency wallets, and messaging platforms such as Telegram, Steam, and Discord. It can also take screenshots and collect details about the hardware, location, and operating system. The stolen information is then exfiltrated to the attackers via Telegram or the malware's command and control (C&C) server.
A patch is available
The malware exploits a recently discovered vulnerability in Microsoft Windows Defender SmartScreen. It is tracked as CVE-2023-36025 and has a vulnerability score of 8.8/10. This flaw, described as a Windows SmartScreen security feature bypass vulnerability, allows threat actors to bypass Defender SmartScreen checks and the associated warning prompts. To abuse the flaw, an attacker would need to create a custom Internet shortcut (.URL), or a hyperlink pointing to such a shortcut, and have the victim interact with it.
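Because the lure described above is a specially crafted Internet shortcut, a defender may want to triage .URL files found in mail attachments or downloads before they are opened. The following added example (not code from the report or from Trend Micro) parses the INI-style .URL format and applies a hypothetical policy that treats anything other than an http(s) target as worth a closer look; the sample shortcut contents are constructed for illustration and are not artefacts from the Phemedrone campaign.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample .URL file bodies (Windows "Internet Shortcut" INI format).
# These are illustrative only, not samples taken from the campaign in the article.
SAMPLES = {
    "benign.url": "[InternetShortcut]\nURL=https://www.example.com/\n",
    "remote_file.url": "[InternetShortcut]\nURL=file://fileserver.example/share/open.txt\n",
    "unc.url": "[InternetShortcut]\nURL=\\\\fileserver.example\\share\\open.txt\n",
    "malformed.url": "not an ini file",
}

# Hypothetical triage policy: only ordinary web schemes are considered routine.
ALLOWED_SCHEMES = {"http", "https"}


def parse_url_target(text):
    """Return the URL= value of a .URL file body, or None if it is absent or unparsable."""
    parser = configparser.ConfigParser(interpolation=None)  # '%' in URLs must not be interpolated
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    # Section names are case-sensitive in configparser; option names are lowercased.
    for section in parser.sections():
        if section.lower() == "internetshortcut" and parser.has_option(section, "url"):
            return parser.get(section, "url").strip()
    return None


def classify_target(target):
    """Classify a shortcut target under the hypothetical policy above."""
    if target is None:
        return "malformed"
    if target.startswith("\\\\"):
        # A UNC path means the shortcut opens something on a network share, not a web page.
        return "suspicious: UNC path"
    scheme = urlsplit(target).scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return "ok"
    return f"suspicious: scheme {scheme or '<none>'}"


def triage(samples):
    """Map each file name to its classification."""
    return {name: classify_target(parse_url_target(body)) for name, body in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

The check is deliberately conservative: it does not decide whether a shortcut is malicious, only whether it behaves like a normal web link. Anything flagged should be handled by the usual analysis process on a host where the November 2023 fix has been applied.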
Microsoft fixed the flaw in mid-November 2023; however, hackers are still looking for vulnerable devices that have not been patched, so applying the fix is highly recommended. In fact, evidence of in-the-wild exploitation has led the Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog.
“It has come to the public's attention that several proof-of-concept demos and code have circulated on social media, detailing the exploitation of CVE-2023-36025,” Trend Micro explained in its article.
“Since details of this vulnerability first emerged, an increasing number of malware campaigns, one of which distributes the Phemedrone Stealer payload, have incorporated this vulnerability into their attack chains.”