Microsoft says it has already patched this new security hole in SmartScreen as well, so we recommend that you keep your computer up to date.
This isn’t the first time we’ve reported on malware that can affect Windows devices such as the Galaxy Book. Unfortunately, today we have to talk about a new discovery by Trend Micro researchers, who have identified a malware strain called Phemedrone Stealer. It is currently exploiting CVE-2023-36025 in Windows Defender SmartScreen, a vulnerability that was already patched but which the malware continues to exploit on machines that have not received the fix.
Phemedrone Stealer is a data collection malware that focuses on various specific types of files and information across a wide range of popular software products, including browsers, file managers, and communication platforms.
A data-collecting malware, and how to avoid it
This malware collects system details from Windows 10 and 11 machines, including geolocation data (IP address, country, city, and postal code), and takes screenshots while it runs. Its specific targets include:
- Chromium-based browsers: It collects data, including passwords, cookies, and autocomplete information stored in applications like LastPass, KeePass, NordPass, Google Authenticator, Duo Mobile, and Microsoft Authenticator, among others.
- Cryptocurrency wallets: It extracts files from various cryptocurrency wallet applications such as Armory, Atomic, Bytecoin, Coinomi, Jaxx, Electrum, Exodus, and Guarda.
- Discord: It extracts authentication tokens from the Discord application, allowing unauthorized access to the user’s account.
- File catcher: It collects user files from designated folders, such as Documents and Desktop.
- FileZilla: It captures connection details and credentials from FileZilla FTP connections.
- Gecko: It targets Gecko-based browsers (like Firefox) to extract user data.
- Steam: It accesses files related to the Steam gaming platform.
- Telegram: It extracts user data from the installation directory, specifically files related to authentication within the “tdata” folder.
The attack vector involves the creation of .url files that download and execute malicious scripts, avoiding detection by Windows Defender SmartScreen. Once the malware evades detection, it downloads the payload and establishes a permanent presence on the system.
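Because the attack vector is an Internet Shortcut (.url) file, a defender can triage such files before anyone opens them. The script below is an added example, not code from the article or from Trend Micro: it parses the `[InternetShortcut]` section of a .url file and flags targets that point at a remote file share or WebDAV path (`file://` or UNC) or at a file type Windows executes rather than displays. The shortcut contents, file names, and the 203.0.113.x addresses are constructed for the demo (that range is reserved for documentation), and the extension list is an assumption a team should tune to its own environment.

```python
"""Triage Internet Shortcut (.url) files whose target points at a remote share
or an executable payload.  Added example; sample shortcuts are constructed."""
import configparser
from pathlib import Path
from typing import Dict, List, Optional
from urllib.parse import urlparse

# File types Windows runs (or hands to a script host) when a shortcut target is
# opened, instead of rendering them as a document or web page.  Assumed list.
EXECUTABLE_EXTENSIONS = {
    "exe", "dll", "cpl", "scr", "com", "pif", "msi",
    "js", "jse", "vbs", "vbe", "wsf", "hta", "ps1", "bat", "cmd", "lnk",
}

# Constructed sample shortcuts (hypothetical names and documentation addresses).
SAMPLE_SHORTCUTS = {
    "docs.url": "[InternetShortcut]\nURL=https://learn.microsoft.com/windows/\n",
    "invoice.url": "[InternetShortcut]\nURL=file://203.0.113.10@80/share/invoice.cpl\nIconIndex=1\n",
    "report.url": "[InternetShortcut]\nURL=\\\\203.0.113.10\\public\\report.js\n",
    "notes.url": "[InternetShortcut]\nURL=https://example.test/notes.pdf\n",
}


def parse_url_file(text: str) -> Optional[str]:
    """Return the URL= target of an Internet Shortcut, or None if it is absent
    or the file is not valid INI text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    return cp.get("InternetShortcut", "URL", fallback=None)


def assess_target(url: str) -> List[str]:
    """List the reasons a shortcut target deserves review (empty = nothing flagged)."""
    reasons = []
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    is_unc = url.startswith("\\\\") or url.startswith("//")
    if scheme == "file" or is_unc:
        reasons.append("target is a file:// or UNC path (remote share / WebDAV), not a web page")
    # Take the last path segment from either URL form or UNC form.
    path = parsed.path if scheme and not is_unc else url
    last = path.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
    ext = last.rsplit(".", 1)[-1].lower() if "." in last else ""
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"target file type .{ext} is executed rather than displayed")
    return reasons


def scan(shortcuts: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each shortcut name to its review reasons; unparsable files are flagged too."""
    report = {}
    for name, text in shortcuts.items():
        target = parse_url_file(text)
        if target is None:
            report[name] = ["no URL= target found (malformed or non-shortcut file)"]
        else:
            report[name] = assess_target(target)
    return report


def scan_directory(folder: str) -> Dict[str, List[str]]:
    """Scan every *.url file under a folder (e.g. a Downloads directory)."""
    files = {}
    for p in Path(folder).rglob("*.url"):
        # Real shortcuts may carry a BOM or odd bytes; never let one file abort the scan.
        files[str(p)] = p.read_text(encoding="utf-8-sig", errors="replace")
    return scan(files)


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_SHORTCUTS).items():
        verdict = "REVIEW" if reasons else "ok"
        print(f"{name}: {verdict}" + "".join(f"\n    - {r}" for r in reasons))
```

Run it as-is to see the built-in samples triaged, or call `scan_directory()` on a folder of quarantined attachments; both flagged samples hit two reasons at once (remote path plus executable extension), which is the combination worth escalating first.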
Microsoft states that it has already patched this vulnerability as well. To avoid the problem, we recommend keeping your system up to date: open Windows Update and check for new updates.
Note: This content has been translated with an artificial intelligence tool, so the translation may be slightly inaccurate. The original version written by our editor is the Spanish version.