Microsoft Defender flaws attacked to spread dangerous malware


Cybercriminals are persistently exploiting a vulnerability in Microsoft Defender SmartScreen to deliver all kinds of malware and infostealers.

FortiGuard Labs has reported observing a new campaign that targets victims in Spain, Thailand, and the US and drops ARC Stealer, Lumma, and Meduza.

The flaw allows the attackers to bypass Windows Defender SmartScreen, a security feature integrated into Windows operating systems and designed to protect users from online threats.

Lumma and Meduza Stealer

"Initially, attackers lure victims into clicking a crafted link to a URL file designed to download an LNK file," the researchers explained. "The LNK file then downloads an executable file containing an [HTML Application] script."

The vulnerability that keeps getting exploited is tracked as CVE-2024-21412. It has a severity score of 8.1, and researchers have been warning about it since mid-February this year. Back then, experts from Trend Micro said they saw a threat actor called Water Hydra (DarkCasino) abusing what was then a zero-day to target crypto traders on New Year's Eve.

"We concluded that calling a shortcut within another shortcut was sufficient to evade SmartScreen, which failed to properly apply Mark-of-the-Web (MotW), a critical Windows component that alerts users when opening or running files from an untrusted source," Trend Micro's experts said at the time.
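The chain quoted above (a URL file that fetches an LNK file that fetches an executable) works because the Mark-of-the-Web is not propagated down the chain, so the executable reaches SmartScreen with no record of its untrusted origin. The following is an added example, not code from the article or from FortiGuard or Trend Micro: it parses the Zone.Identifier stream that carries the MotW and flags files that descend from an Internet-zone shortcut but carry no mark themselves. The `DownloadedFile` record, the paths and the sample chain are constructed for the example; on Windows the stream contents would be read from `<file>:Zone.Identifier`.

```python
from __future__ import annotations
from dataclasses import dataclass

# URL security zone IDs: 3 (Internet) and 4 (Restricted sites) are untrusted to SmartScreen.
UNTRUSTED_ZONES = {3, 4}
SHORTCUT_TYPES = (".url", ".lnk")   # shortcut types used in the described chain

def parse_zone_identifier(stream: str | None) -> dict:
    """Parse a Zone.Identifier stream (the [ZoneTransfer] INI block) into a dict."""
    fields = {}
    for line in (stream or "").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("["):   # skip section header and blank lines
            fields[key.strip()] = value.strip()
    return fields

def is_untrusted(stream: str | None) -> bool:
    zone = parse_zone_identifier(stream).get("ZoneId", "")
    return zone.isdigit() and int(zone) in UNTRUSTED_ZONES

@dataclass
class DownloadedFile:                # constructed record type for this example
    path: str
    zone_stream: str | None          # contents of <path>:Zone.Identifier, or None
    launched_by: str | None = None   # path of the shortcut that fetched or ran it

def find_motw_gaps(files: list) -> list:
    """Paths that descend from an Internet-zone .url/.lnk but carry no MotW:
    they reach SmartScreen with no record of their untrusted origin."""
    by_path = {f.path: f for f in files}
    gaps = []
    for f in files:
        if is_untrusted(f.zone_stream):
            continue                             # already marked, nothing to flag
        parent = by_path.get(f.launched_by or "")
        while parent is not None:                # walk the launcher chain upward
            if parent.path.lower().endswith(SHORTCUT_TYPES) and is_untrusted(parent.zone_stream):
                gaps.append(f.path)
                break
            parent = by_path.get(parent.launched_by or "")
    return gaps

# Constructed sample mirroring the article's chain: URL file -> LNK -> executable.
DL = r"C:\Users\u\Downloads"
MOTW = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/lure\r\n"
SAMPLE_CHAIN = [
    DownloadedFile(DL + r"\invoice.url", MOTW),
    DownloadedFile(DL + r"\invoice.lnk", None, launched_by=DL + r"\invoice.url"),
    DownloadedFile(DL + r"\update.exe", None, launched_by=DL + r"\invoice.lnk"),
]
```

Only the first shortcut in the sample carries the mark, so both files it pulled in are reported as gaps; a marked file is never flagged.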

In early July 2024, researchers from Cyble also issued a warning that the flaw was being used to deploy malware and urged users to apply the fix immediately, as Microsoft had patched the flaw on February 13, 2024.

While the flaw was originally used to drop the DarkGate commodity loader, in the new campaigns the crooks opted for ARC Stealer, Lumma, and Meduza. All are relatively popular infostealers, capable of grabbing sensitive files, login credentials, cryptocurrency wallet data, screenshots, and more.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
