A new Windows Defender zero-day is already being abused to drop dangerous malware

Hackers are exploiting a zero-day vulnerability in Windows Defender SmartScreen to infect crypto traders with malware.

Trend Micro researchers revealed that a threat actor named Water Hydra (AKA DarkCasino) exploited the zero-day, now tracked as CVE-2024-21412, in attacks carried out on New Year’s Eve 2023.

Microsoft has since released a patch, and a subsequent advisory explained that an unauthenticated attacker “could send the targeted user a specially crafted file designed to bypass the displayed security controls.”

Spear phishing on Telegram

Microsoft further explained that the attack still relies on victim action: “However, the attacker would have no way to force a user to view the attacker’s controlled content. Instead, the attacker would have to convince them to take action by clicking the file link.”

Trend Micro claims that Water Hydra joined Telegram channels and forums for forex, stock and crypto traders, and used spear phishing techniques to get people to install the DarkMe malware. The group shared a stock chart linking to fxbulls(.)ru, a compromised Russian trading information site that essentially mimics fxbulls(.)com, a forex broker platform.

While DarkMe is dangerous in itself, it was just a step toward the ultimate goal of deploying ransomware, the researchers claim.

“In late December 2023, we began monitoring a campaign from the Water Hydra group that included similar tools, tactics and procedures (TTPs) abusing Internet shortcuts (.URL) and web-based Distributed Authoring and Versioning (WebDAV) components,” explains Trend Micro.

“We concluded that calling a shortcut within another shortcut was enough to bypass SmartScreen, which failed to properly apply Mark-of-the-Web (MotW), a crucial Windows component that warns users when opening or running files from an untrusted source.”
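The pattern Trend Micro describes, an Internet shortcut whose target is a second shortcut hosted on a remote WebDAV share, is something a mail gateway or triage script can flag before a user ever clicks. The following is an added example, not code from Trend Micro, Microsoft or the original article; the helper names and the sample .url bodies are constructed for illustration.

```python
"""Triage .url (Internet shortcut) files for the nested-shortcut-over-WebDAV
pattern associated with CVE-2024-21412. Hypothetical helper; samples are
constructed, not real campaign artifacts."""
import configparser
from urllib.parse import urlparse, unquote

SHORTCUT_EXTS = (".url", ".lnk")

def parse_url_file(text: str) -> dict:
    """Parse the INI-style [InternetShortcut] section; keys come back lowercased."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    return dict(cp["InternetShortcut"]) if cp.has_section("InternetShortcut") else {}

def is_remote_target(target: str) -> bool:
    """True when the target is a UNC path or a file:// URL with a host part,
    i.e. content fetched from a remote (WebDAV-style) share rather than local disk."""
    t = target.strip()
    if t.startswith("\\\\"):            # UNC, e.g. \\host@80\share\x.url
        return True
    p = urlparse(t)
    return p.scheme == "file" and bool(p.netloc)

def assess_shortcut(text: str) -> list[str]:
    """Return findings for one .url body (empty list means nothing suspicious).
    A remote target that is itself a shortcut is the chain that defeated the
    Mark-of-the-Web check described above; flag it for quarantine/review."""
    fields = parse_url_file(text)
    target = unquote(fields.get("url", ""))
    findings = []
    if not target:
        return findings
    if is_remote_target(target):
        findings.append("remote target")
    if target.rstrip().lower().endswith(SHORTCUT_EXTS):
        findings.append("nested shortcut")
    icon = fields.get("iconfile", "")
    if icon and is_remote_target(icon):
        findings.append("remote icon")
    return findings

# Constructed samples (203.0.113.0/24 is a documentation range, not a real host).
SAMPLE_NESTED = """[InternetShortcut]
URL=file://203.0.113.5@80/webdav/chart.url
IconIndex=13
IconFile=file://203.0.113.5@80/webdav/icon.ico
"""
SAMPLE_BENIGN = """[InternetShortcut]
URL=https://www.example.com/
"""
```

Run `assess_shortcut` over attachments or downloads as they land; any non-empty result is worth holding for analyst review rather than relying on SmartScreen alone.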

The crypto industry has always been a popular target for cybercriminals. With Bitcoin Exchange-Traded Funds (ETF) finally approved and Bitcoin set to halve in two months, the crypto industry is poised for another eye-watering bull run. This will also attract more criminals, as in the past.

Via BleepingComputer
