New Windows Defender exploit: rain of DarkMe malware infections

A new and fearsome malware, known as DarkMe, is spreading online by exploiting a vulnerability in Windows Defender SmartScreen.

The flaw, patched today by Microsoft, was exploited by some hacker groups (i.e. Water Hydra and DarkCasino) to distribute the RAT to an unspecified number of computers. The vulnerability, identified as CVE-2024-21412, has reportedly been exploited since New Year’s Eve, according to data provided by Trend Micro.

Microsoft itself explained, in the security advisory that accompanied the patch, that this flaw lets cybercriminals bypass security controls without great difficulty, as long as they convince the user to click on a specific link that starts the infection process.

Peter Girnus, a researcher at Trend Micro, was the first to discover DarkMe. He also revealed that a similar threat is posed by the CVE-2023-36025 exploit, another security flaw related to Windows Defender (fixed during Patch Tuesday last November).

The Windows Defender vulnerability was exploited to attack financial traders

According to data collected by experts, DarkMe was used mainly to target users who operate in the financial sector, in areas such as currency trading and similar. The infection, in fact, could be part of a broader strategy, with spear phishing attacks and ransomware campaigns that would have allowed cybercriminals to obtain significant loot.

The first signs of DarkMe-related operations were detected by Trend Micro at the very end of 2023, with the Water Hydra group under special surveillance. The spread tactic involved the abuse of .URL files and Web-based Distributed Authoring and Versioning (WebDAV) components.
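Defenders can hunt for the artifact this tactic leaves behind. The following added example (not code from this article or from Trend Micro) parses .URL Internet Shortcut files and flags those whose URL field points at a remote file share or WebDAV path. The sample contents, host names and function names are constructed for illustration, and treating an `@port`/`@SSL` host suffix or `DavWWWRoot` as a WebDAV marker is this example's own heuristic.

```python
import configparser
import re
from pathlib import Path
from urllib.parse import urlparse

# Constructed samples; hosts use reserved example domains.
SAMPLES = {
    "docs.url": "[InternetShortcut]\nURL=https://www.example.com/help\n",
    "local.url": "[InternetShortcut]\nURL=file:///C:/Users/Public/readme.txt\n",
    "chart.url": "[InternetShortcut]\nURL=file://files.example.net@80/share/chart.jpg\n",
    "quote.url": "[InternetShortcut]\nURL=\\\\files.example.net@SSL\\DavWWWRoot\\quote.pdf\n",
}

UNC_RE = re.compile(r"^(?:\\\\|//)([^\\/]+)")

def remote_share_host(target):
    """Return the host if target is a UNC path or a file:// URL on another machine."""
    target = target.strip()
    match = UNC_RE.match(target)
    if match:
        return match.group(1)
    parsed = urlparse(target)
    if parsed.scheme.lower() == "file" and parsed.netloc.lower() not in ("", "localhost"):
        return parsed.netloc
    return None

def inspect_shortcut(text):
    """Return a finding dict if the shortcut's URL field targets a remote share, else None."""
    parser = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return {"host": None, "webdav": False, "reason": "unparseable"}
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            target = parser.get(section, "url", fallback="")
            host = remote_share_host(target)
            if host:
                # Heuristic (assumption): "@port"/"@SSL" suffixes and DavWWWRoot are WebDAV path forms.
                webdav = "@" in host or "davwwwroot" in target.lower()
                return {"host": host, "webdav": webdav, "reason": "remote share target"}
    return None

def scan_directory(root):
    """Return {path: finding} for flagged .url files under root."""
    found = ((str(p), inspect_shortcut(p.read_text(errors="replace"))) for p in Path(root).rglob("*.url"))
    return {path: finding for path, finding in found if finding}
```

Pointing `scan_directory` at download folders or mail attachment caches gives a triage list; ordinary `https://` shortcuts and local `file:///` targets are not reported.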

To avoid such cases, as advised by experts, it is vital to keep the operating system updated with the latest updates available. Finally, a good antivirus can undoubtedly provide further assurance in the ongoing fight against cybercriminals.
