Exploitation of Windows SmartScreen Bypass Flaw Facilitates Deployment of DarkGate RAT

The operators behind the DarkGate malware have been taking advantage of a recently patched flaw in Windows SmartScreen through a phishing scheme.
This campaign involves circulating counterfeit Microsoft software installers to spread the malicious code.
Researchers from Trend Micro, along with others, uncovered a vulnerability earlier this year, known as CVE-2024-21412, which allowed attackers to bypass security measures in Internet Shortcut Files.
Microsoft addressed this issue in its February Patch Tuesday updates, but not before threat actors like Water Hydra and DarkGate seized the opportunity to exploit it.
Trend Micro's Zero Day Initiative reported that DarkGate also utilized this flaw in a mid-January attack, enticing users with PDFs containing Google DoubleClick Digital Marketing redirects, ultimately leading to compromised websites hosting the malware-laden installers.
According to Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun, the attackers manipulated Google-related domains using open redirects in conjunction with CVE-2024-21412 to circumvent Microsoft Defender SmartScreen protections, facilitating malware infections.
They emphasized the effectiveness of combining fake software installers with open redirects in propagating infections.
DarkGate, described as a remote-access Trojan, has been advertised on Russian-language cybercrime forums since at least 2018 and is considered one of the most sophisticated and active malware strains.
It offers various functionalities, including process injection, information theft, shell command execution, and keylogging, while employing multiple evasion techniques.
The DarkGate campaign observed by Trend Micro leverages Google Open Redirects, exploiting a previously patched SmartScreen vulnerability, CVE-2023-36025, affecting all supported Windows versions.
By utilizing open redirects in Google DDM technologies, threat actors can execute malicious code when combined with security bypasses.
To defend against DarkGate's exploitation of CVE-2024-21412, Windows system administrators are advised to apply Microsoft's patch promptly.
Organizations should prioritize employee training to raise awareness about the risks of installing software from untrusted sources.
Continuous monitoring of the cyber environment, including identifying vulnerabilities and potential attack vectors, is crucial for effective cybersecurity defense.
In conclusion, proactive measures are necessary for both businesses and individuals to safeguard their systems against evolving threats like DarkGate and similar malware campaigns.


This Cyber News was published on www.cysecurity.news. Publication date: Sat, 16 Mar 2024 18:43:05 +0000


Cyber News related to Exploitation of Windows SmartScreen Bypass Flaw Facilitates Deployment of DarkGate RAT

Exploitation of Windows SmartScreen Bypass Flaw Facilitates Deployment of DarkGate RAT - The operators behind the DarkGate malware have been taking advantage of a recently patched flaw in Windows SmartScreen through a phishing scheme. This campaign involves circulating counterfeit Microsoft software installers to spread the malicious ...
8 months ago Cysecurity.news
Hackers abuse Windows SmartScreen flaw to drop DarkGate malware - A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that ...
8 months ago Bleepingcomputer.com
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware - A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. SmartScreen is a Windows security feature that ...
8 months ago Bleepingcomputer.com
The Persistent Danger of Remcos RAT - From initial infection to persistent control, the Remcos RAT campaign exemplifies the evolving nature of cyber threats and the need for proactive defense measures. This ecosystem is supported by a diverse array of servers that function as command and ...
10 months ago Cyberdefensemagazine.com
Digital Battlefield: Syrian Threat Group's Sinister SilverRAT Emerges - Cyfirma claims that the developers maintain a sophisticated and active presence on multiple hacker forums and social media platforms, as outlined by the cybersecurity company. Besides operating a Telegram channel offering leaked databases, carding ...
10 months ago Cysecurity.news
Data-theft malware exploits Windows Defender SmartScreen The Register - Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information - passwords, cookies, authentication tokens, you name it - to grab and ...
10 months ago Go.theregister.com
'BattleRoyal' Hackers Deliver DarkGate RAT Using Every Trick - This fall, an unidentified threat actor executed dozens of varied social engineering campaigns against American and Canadian organizations across a variety of industries, with the goal of infecting them with the multifaceted DarkGate malware. Perhaps ...
10 months ago Darkreading.com
DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals - Vietnam-based cybercriminals are believed to be behind to attacks using DarkGate malware, which have targeted organizations in the UK, US and India since 2018. WithSecure researchers have tracked these attacks to an active cluster of cybercriminals ...
11 months ago Infosecurity-magazine.com
Hackers Exploiting Windows Defender SmartScreen Flaw - Hackers actively target and exploit Windows Defender SmartScreen to deceive users and deliver malicious content by creating convincing, misleading websites or applications. By evading SmartScreen, the threat actors increase the chances of their ...
10 months ago Cybersecuritynews.com
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities - The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and ...
11 months ago Thehackernews.com
Fake Corsair job offers on LinkedIn push DarkGate malware - A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine. Cybersecurity company WithSecure ...
11 months ago Bleepingcomputer.com
A New, Spookier Gh0st RAT Malware Haunts Global Cyber Targets - A new variant of the infamous "Gh0st RAT" malware has been identified in recent attacks targeting South Koreans and the Ministry of Foreign Affairs in Uzbekistan. The Chinese group "C.Rufus Security Team" first released Gh0st RAT on the open Web in ...
11 months ago Darkreading.com
Krasue RAT Uses Cross-Kernel Linux Rootkit to Attack Telecoms - Attackers likely tied the creators of the XorDdos Linux remote access Trojan have been wielding a separate Linux RAT for nearly two years without detection, using it to target organizations in Thailand and maintain malicious access to infected ...
11 months ago Darkreading.com
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs - Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which ...
9 months ago Darkreading.com
BattleRoyal Cluster Signals DarkGate Surge - Security researchers have warned against the DarkGate threat actor, who has recently gained notoriety in the realm of remote access Trojans and loaders. Earlier today, Proofpoint confirmed it has been tracking a distinct operator of the DarkGate ...
11 months ago Infosecurity-magazine.com
FBI Shuts Down Warzone RAT; Cybercriminals Arrested - In a major victory against cybercrime, the FBI has successfully taken down the Warzone RAT malware operation. This operation led to the arrest of two individuals involved in the illicit activities. One of the suspects, 27-year-old Daniel Meli from ...
9 months ago Cysecurity.news
SugarGh0st RAT Delivered via Malicious Windows & JavaScript - RATs allow threat actors to execute the following malicious actions while remaining hidden from the victim:-. Recently, cybersecurity researchers at Cisco Talos discovered a malicious campaign that was found to be delivering a new RAT that's been ...
11 months ago Cybersecuritynews.com
KubeCon 2023: Securing Software Delivery and Deployment - Gopal Dommety: So Mitch, we started OpsMX with the vision to fully automate and secure software delivery. Gopal Dommety: And so we provide a deployment firewall. They tend to have large deployments, Fortune 10 kind of customers, that's what OpsMx. ...
11 months ago Securityboulevard.com
Windows SmartScreen flaw exploited to drop Phemedrone malware - A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability to bypass Windows security prompts when opening URL files. Phemedrone is a new open-source info-stealer malware that harvests data stored in ...
10 months ago Bleepingcomputer.com
Silver RAT Evades Anti-viruses to Hack Windows Machines - Hackers use Remote Access Trojans to gain unauthorized access and control over a victim's computer remotely. These malicious tools allow hackers to perform various malicious activities like the following without the user's knowledge:-. Recently, ...
10 months ago Cybersecuritynews.com
Opening a Can of Whoop Ads: Detecting and Disrupting a Malvertising Campaign Distributing Backdoors - Earlier this year, Mandiant's Managed Defense threat hunting team identified an UNC2975 malicious advertising campaign promoting malicious websites themed around unclaimed funds. In each investigation under this campaign, Mandiant identified browser ...
11 months ago Mandiant.com
Gh0st rat - Gh0st RAT is a Trojan horse for the Windows platform. The “RAT” part of the name refers to the software’s ability to operate as a "Remote Administration Tool". It is a cyber spying computer program used to control infected Windows computers ...
11 months ago
FBI seizes Warzone RAT infrastructure, arrests malware vendor - The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. Daniel Meli, 27, a resident of Malta, was arrested last week for his role in the proliferation of ...
9 months ago Bleepingcomputer.com
Windows Incident Response: Human Behavior In Digital Forensics, pt II - Targeted Threat ActorI was working a targeted threat actor response, and while we were continuing to collect information for scoping, so we could move to containment, we found that on one day, from one endpoint, the threat actor pushed their RAT ...
10 months ago Windowsir.blogspot.com
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE - A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan that evades detection, partially by showing up as legitimate software. Threat actors previously have used the RAT ...
8 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)