Microsoft Patches Windows Defender Zero-Day Exploited by DarkMe RAT
In a recent security development, Microsoft has responded to an active threat by patching a zero-day vulnerability in Windows Defender SmartScreen, which was exploited by a financially motivated threat group to distribute the DarkMe remote access trojan (RAT).
The threat actors, identified as Water Hydra and DarkCasino, were observed leveraging the zero-day (CVE-2024-21412) in attacks targeting foreign exchange traders on New Year’s Eve, according to insights from Trend Micro security researchers.
Describing the vulnerability, Microsoft stated in a security advisory that an unauthenticated attacker could exploit it by sending a specially crafted file to the targeted user, bypassing displayed security checks. However, the attacker relies on social engineering to persuade users to interact with the malicious file.
Security researcher Peter Girnus, credited with reporting the zero-day, revealed that CVE-2024-21412 bypasses another Windows Defender SmartScreen vulnerability (CVE-2023-36025), which was patched during the November 2023 Patch Tuesday.
Targeting Forex Traders
The attackers’ modus operandi involved spearphishing campaigns aimed at forex traders, particularly those engaged in high-stakes currency trading. Exploiting the zero-day, they targeted trading forums and stock trading Telegram channels, enticing victims with malicious stock charts linking to compromised trading information sites.
Trend Micro’s investigation revealed that Water Hydra reused tactics and procedures seen in its previous campaigns, abusing internet shortcuts and WebDAV components to evade SmartScreen protections.
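As an added defensive example (not code from the article or from Trend Micro), the script below parses internet shortcut (.url) files and flags any whose target is a remote UNC or WebDAV share rather than a normal web address, the delivery pattern the article describes; the file names, file contents and the 203.0.113.5 address are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample .url files (hypothetical names and contents, documentation-range IP)
SAMPLES = {
    "chart_local.url": "[InternetShortcut]\r\nURL=https://example.com/chart\r\n",
    "chart_unc.url": "[InternetShortcut]\r\nURL=file://203.0.113.5/share/chart.url\r\n",
    "chart_webdav.url": "[InternetShortcut]\r\nURL=\\\\203.0.113.5@80\\share\\chart.url\r\n",
}

# UNC form, including the WebDAV variants \\host@port\share and \\host@SSL@port\share
UNC_RE = re.compile(r"^\\\\([^\\@]+)(@(ssl@)?\d+)?\\", re.IGNORECASE)


def parse_internet_shortcut(text):
    """Return the URL= value from the [InternetShortcut] section, or None if absent."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "internetshortcut" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url":
                return value.strip()
    return None


def classify_target(url):
    """Classify a shortcut target as 'web', 'remote_share', 'local' or 'unknown'."""
    if url is None:
        return "unknown"
    if UNC_RE.match(url):
        return "remote_share"
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    if scheme in ("http", "https"):
        return "web"
    if scheme == "file":
        # file:// with a non-local host is a share reached over SMB or WebDAV
        host = parsed.netloc.split("@")[0].lower()
        if host and host not in ("localhost", "127.0.0.1"):
            return "remote_share"
        return "local"
    return "unknown"


def scan_shortcuts(files):
    """Return the names of shortcut files whose target is a remote share."""
    return sorted(name for name, text in files.items()
                  if classify_target(parse_internet_shortcut(text)) == "remote_share")
```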