Windows PCs targeted by dangerous new threat that even gets around Defender - and even though there's a fix, you could still be at risk


Windows PCs are being targeted with a new threat that is capable of working around its Defender antivirus solution, experts have warned.

Named Phemedrone Stealer, the malware steals sensitive data from the compromised device, such as passwords and authentication cookies, and leaks it to the attackers, according to a new report from cybersecurity researchers Trend Micro. 

As per the report, the malware looks for sensitive information stored in web browsers, cryptocurrency wallets, and messaging platforms such as Telegram, Steam, and Discord. It can also take screengrabs and siphon out data on the hardware, location, and operating system. The stolen information is then delivered to the attackers via Telegram or their command-and-control (C&C) server.


A patch is available

The malware leverages a vulnerability that was recently discovered in Microsoft Windows Defender SmartScreen. It is tracked as CVE-2023-36025 and carries a vulnerability score of 8.8/10. Described as a Windows SmartScreen security feature bypass vulnerability, the flaw allows threat actors to work around Defender SmartScreen checks and the associated warning prompts. To abuse it, an attacker would need to craft a custom Internet Shortcut (.URL) file, or a hyperlink that points to such a shortcut, and get the victim to interact with it.

Microsoft patched the flaw in mid-November 2023. However, hackers are still on the lookout for devices that have not yet been patched, so applying the fix is highly recommended. In fact, evidence of in-the-wild exploitation prompted the Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) list.

“It has come to public attention that various demos and proof-of-concept codes have been circulated on social media, detailing the exploitation of CVE-2023-36025,” Trend Micro explained in its writeup. 

“Since details of this vulnerability first emerged, a growing number of malware campaigns, one of which distributes the Phemedrone Stealer payload, have incorporated this vulnerability into their attack chains.”

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
