Exploitation of Windows SmartScreen Bypass Flaw Facilitates Deployment of DarkGate RAT

 

The operators behind the DarkGate malware have been taking advantage of a recently patched flaw in Windows SmartScreen through a phishing scheme. This campaign involves circulating counterfeit Microsoft software installers to spread the malicious code.
Researchers from Trend Micro, along with others, uncovered a vulnerability earlier this year, known as CVE-2024-21412, which allowed attackers to bypass security measures in Internet Shortcut Files. Microsoft addressed this issue in its February Patch Tuesday updates, but not before threat actors like Water Hydra and DarkGate seized the opportunity to exploit it. Trend Micro’s Zero Day Initiative (ZDI) reported that DarkGate also utilized this flaw in a mid-January attack, enticing users with PDFs containing Google DoubleClick Digital Marketing (DDM) redirects, ultimately leading to compromised websites hosting the malware-laden installers.
According to Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun, the attackers manipulated Google-related domains using open redirects in conjunction with CVE-2024-21412 to circumvent Microsoft Defender SmartScreen protections, facilitating malware infections. They emphasized the effectiveness of combining fake software installers with open redirects in propagating infections.
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: