Windows SmartScreen | Breaking Cybersecurity News | The Hacker News

The banking trojan known as  Mispadu  has expanded its focus beyond Latin America (LATAM) and Spanish-speaking individuals to target users in Italy, Poland, and Sweden. Targets of the ongoing campaign include entities spanning finance, services, motor vehicle manufacturing, law firms, and commercial facilities, according to Morphisec. "Despite the geographic expansion, Mexico remains the primary target," security researcher Arnold Osipov  said  in a report published last week. "The campaign has resulted in thousands of stolen credentials, with records dating back to April 2023. The threat actor leverages these credentials to orchestrate malicious phishing emails, posing a significant threat to recipients." Mispadu, also called URSA,  came to light  in 2019, when it was observed carrying out credential theft activities aimed at financial institutions in Brazil and Mexico by displaying fake pop-up windows. The Delphi-based malware is also capable of taking screen

A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers. "During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass CVE-2024-21412 that led to malicious Microsoft (.MSI) installers," Trend Micro  said . CVE-2024-21412 (CVSS score: 8.1) concerns an internet shortcut files security feature bypass vulnerability that permits an unauthenticated attacker to circumvent SmartScreen protections by tricking a victim into clicking on a specially crafted file. It was  fixed  by Microsoft as part of its Patch Tuesday updates for February 2024, but not before it was weaponized by a threat actor called  Water Hydra  (aka DarkCasino) to deliver the DarkMe malware in attacks targeting financial institutions. The latest finding

Imagine a world where the software that powers your favorite apps, secures your online transactions, and keeps your digital life could be outsmarted and taken over by a cleverly disguised piece of code. This isn't a plot from the latest cyber-thriller; it's actually been a reality for years now. How this will change – in a positive or negative direction – as artificial intelligence (AI) takes on a larger role in software development is one of the big uncertainties related to this brave new world. In an era where AI promises to revolutionize how we live and work, the conversation about its security implications cannot be sidelined. As we increasingly rely on AI for tasks ranging from mundane to mission-critical, the question is no longer just, "Can AI  boost cybersecurity ?" (sure!), but also "Can AI  be hacked? " (yes!), "Can one use AI  to hack? " (of course!), and "Will AI  produce secure software ?" (well…). This thought leadership article is about the latter. Cydrill  (a

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called  Phemedrone Stealer . "Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord," Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun  said . "It also takes screenshots and gathers system information regarding hardware, location, and operating system details. The stolen data is then sent to the attackers via Telegram or their command-and-control (C&C) server." The attacks leverage  CVE-2023-36025  (CVSS score: 8.8), a security bypass vulnerability in Windows SmartScreen, that could be exploited by tricking a user into clicking on a specially crafted Internet Shortcut (.URL) or a hyperlink pointing to an Internet Shortcut file. The actively-exploited shortcoming was  addressed  by Microsoft as part of its November 2023 Patch Tuesday updates.

A new malware tool that enables cybercriminal actors to build malicious Windows shortcut ( .LNK ) files has been spotted for sale on cybercrime forums. Dubbed Quantum Lnk Builder , the software makes it possible to spoof any extension and choose from over 300 icons, not to mention support  UAC  and  Windows SmartScreen  bypass as well as "multiple payloads per .LNK" file. Also offered are capabilities to generate .HTA and disk image (.ISO) payloads. Quantum Builder is available for lease at different price points: €189 a month, €355 for two months, €899 for six months, or as a one-off lifetime purchase for €1,500. ".LNK files are shortcut files that reference other files, folders, or applications to open them," Cyble researchers  said  in a report. "The [threat actor] leverages the .LNK files and drops malicious payloads using  LOLBins  [living-off-the-land binaries]." Early evidence of malware samples using Quantum Builder in the wild is said to da