
Malware Alert - Increasing Trend of DarkGate Malware Attacks Exploiting Microsoft Windows SmartScreen's Critical Vulnerability

Release Date: 15 Mar 2024

Type: Malware

Malware Alert

Current Status and Related Trends

Threat intelligence indicates an increasing trend of malware attacks exploiting a critical vulnerability, CVE-2024-21412, in Microsoft Windows SmartScreen to deliver DarkGate malware.

Recently, ransomware gangs have been employing various tactics to trap and deceive victims, including phishing emails and fake software installers[1]. Meanwhile, a new wave of attacks related to DarkGate malware was discovered in mid-January 2024[2]. The attack begins when a victim clicks on a link embedded in a PDF attachment sent via a phishing email. The link then redirects the user to a malicious .URL internet shortcut file that exploits CVE-2024-21412 to bypass security checks and automatically install fake software installers[2].

DarkGate malware is a remote access trojan (RAT) that allows attackers to compromise victim systems to perform information disclosure and remote code execution. It can also fetch additional payloads to distribute more malware on the victim's system[2]. Moreover, there are reports showing that another security flaw in Windows SmartScreen, CVE-2023-36025, has been employed to deliver other malware such as Phemedrone Stealer and Mispadu[1]. Exploiting this vulnerability also allows attackers to bypass security restrictions.
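The delivery chain described above hinges on a .URL internet shortcut file, which is a small INI-style text file with a `URL=` entry under `[InternetShortcut]`. As an added example (not HKCERT's code), this Python triage flags shortcuts whose target is not an ordinary web page; the extension list, reason strings and sample files are assumptions constructed for illustration.

```python
"""Triage .url (Internet Shortcut) files: flag targets that are not ordinary web pages."""
from urllib.parse import urlsplit

# Assumption (heuristic, not from the advisory): file types Windows opens or runs.
RISKY_EXT = (".url", ".lnk", ".exe", ".msi", ".zip", ".js", ".vbs", ".cmd", ".bat")

def parse_shortcut(text):
    """Return the [InternetShortcut] key/value pairs, keys lower-cased."""
    fields, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "internetshortcut"
        elif in_section and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields

def triage(text):
    """Return reasons the shortcut deserves review; an empty list means it looks ordinary."""
    target = parse_shortcut(text).get("url", "")
    if not target:
        return ["no URL= entry in [InternetShortcut]"]
    reasons = []
    if target.startswith("\\\\"):
        reasons.append("UNC path to a remote share")
        path = target
    else:
        try:
            parts = urlsplit(target)
        except ValueError:
            return ["URL= value cannot be parsed"]
        path = parts.path
        if parts.scheme not in ("http", "https"):
            reasons.append(f"scheme {parts.scheme!r} is not http/https")
    if path.lower().rstrip("/\\").endswith(RISKY_EXT):
        reasons.append("target is a file Windows opens or runs, not a web page")
    return reasons

# Constructed samples; hosts use reserved documentation names and addresses.
SAMPLES = {
    "bookmark.url": "[InternetShortcut]\nURL=https://www.example.com/docs/\n",
    "invoice.url": "[InternetShortcut]\nIDList=\nURL=file://192.0.2.10/share/installer.msi\n",
    "report.url": "[InternetShortcut]\r\nurl=\\\\files.example.net\\public\\update.msi\r\n",
}
if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, "->", triage(body) or "looks ordinary")
```

A mail gateway or endpoint sweep could run `triage()` over every `.url` file it extracts or finds in download folders and queue the non-empty results for review.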

 

Sources:

[1] DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack

[2] Hackers exploited Windows SmartScreen flaw to drop DarkGate malware

HKCERT recommends that users and organizations should:

  • Keep their systems and devices up to date with the latest security patches
  • Implement multi-factor authentication to prevent unauthorized access
  • Use reputable antivirus software
  • Educate employees on how to identify and avoid phishing attacks
  • Be cautious when opening email attachments or clicking on links from unknown sources
