Another reason to upgrade — experts warn Internet Explorer is being used to lure in Microsoft users for data theft

News
By
published

Hackers find a way to trick Windows into opening a malicious website

Internet Explorer
(Image credit: Microsoft)

Internet Explorer - Microsoft’s old and long-replaced internet browser, is still being used to deploy malware to people’s devices, experts have warned.

A report from Check Point Research (CPR) outlined a new and somewhat unique campaign that saw hackers distributing .URL files. These are Windows Internet Shortcut files, and are used to direct a user directly to a web page. Hackers were able to disguise these files to make them appear as .PDF files, and are presenting them to their victims as a book. 

When the victims run the file, they trigger a chain of prompts which, if ignored (and accepted, essentially), result in the old and outdated Internet Explorer running and visiting a website. This is risky in itself, since hackers can craft unique web pages that can take advantage of vulnerabilities in IE to deploy different malware. 

Microsoft releases a patch

Microsoft officially replaced Internet Explorer with Microsoft Edge as the default web browser when it released Windows 10, in late July 2015. Edge was introduced as a more modern and secure browser, built on a new engine (originally called EdgeHTML and later switched to the Chromium engine in January 2020) to provide better performance and compatibility with web standards.

While Internet Explorer continued to be available for compatibility reasons, Microsoft has been encouraging users and organizations to transition to Edge. Internet Explorer 11, the final version, was officially retired and ended support for certain versions of Windows on June 15, 2022.

CPR reported their findings to the Microsoft Security Response Center (MSRC), which acknowledged the discovery and released a patch. The vulnerability is now tracked as CVE-2024-38112, and the patch was officially released on July 9. Users are advised to apply it as soon as possible, since threat actors have been abusing the flaw for more than a year now.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.