Cybersecurity company Trend Micro recently reported that hackers are exploiting a vulnerability in Windows SmartScreen to deploy the Phemedrone information stealer. The exploit, tracked as CVE-2023-36025, is a lapse in Windows’ SmartScreen security application that allows hackers to easily distribute malicious phishing URLs. Microsoft released a patch for the security defect on November 14, 2023. Trend Micro observed malicious actors exploit systems to distribute the Phemedrone Stealer, despite the patch that supposedly fixed the SmarScreen vulnerability. This software is capable of stealing data from web browsers, crypto wallets, and messaging applications and gathers system information and hardware details. The attackers exfiltrate sensitive information through Telegram or custom command-and-control servers.
Read More:
https://www.securityweek.com/information-stealer-exploits-windows-smartscreen-bypass/