Windows SmartScreen Vulnerability Exploited To Spread DarkGate Malware
DarkGate malware is being distributed by exploiting a vulnerability in Windows Defender SmartScreen. Find out how the exploit works and the dangers that it poses to Windows systems.
- A now-fixed Windows Defender SmartScreen vulnerability is being exploited to spread DarkGate malware.
- The flaw allows threat actors to circumvent security checks and leverage fake software for automatic installations.
Security researchers reportedly found a new DarkGate malware campaign in January 2024, which exploited a vulnerability in Windows Defender SmartScreen by leveraging fake software installers. Microsoft has now fixed the flaw through patch updates. SmartScreen is a prominent Windows Defender feature that displays warnings if users run suspicious or unrecognized programs from the web. The flaw allows malicious files to bypass these warnings.
Attackers used compromised sites to host the Microsoft Windows SmartScreen bypass (CVE-2024-21412, CVSS score: 8.1), luring targeted Windows users through PDF links carrying Google Ads technology redirect URLs that led to downloads of fake versions of NVIDIA, Apple iTunes, and other installers. These malicious installers included a DLL file that infected the targeted devices with the DarkGate malware payload.
The combination of open redirect links and fake installers has produced a significant rate of infections. The DarkGate malware operation is run as a malware-as-a-service (MaaS) model and has been used by numerous threat actors targeting organizations across Europe, North America, Africa, and Asia.
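The chain described above (a PDF lure, an open redirect through an ad-tech style URL, then an installer that borrows a vendor's name but is served from an unrelated host) is something a defender can hunt for in web proxy logs. The following is an added example written for this article, not code from the original page or from the researchers who reported the campaign. The log lines, the `VENDOR_HOSTS` allowlist and the log format (`timestamp user url`) are constructed assumptions; adapt the allowlist and parser to your own proxy and the vendors your users actually download from.

```python
"""Hunt proxy logs for the PDF -> open redirect -> fake installer chain.

Per user, the detector looks for, within a time window:
  1. a PDF fetched from the web,
  2. a request whose query string carries another absolute URL (the shape of
     an open redirect or ad click-tracking link),
  3. an installer download whose filename contains a vendor brand name but
     whose host is not one of that vendor's download hosts.
"""
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import parse_qs, urlparse

# Hypothetical allowlist: vendor brand name -> hosts that legitimately serve its installers.
VENDOR_HOSTS = {
    "nvidia": {"nvidia.com", "download.nvidia.com", "us.download.nvidia.com"},
    "itunes": {"apple.com", "secure-appldnld.apple.com"},
}
INSTALLER_EXT = (".exe", ".msi")

# Constructed sample log lines (not real data): "<unix-ts> <user> <url>".
LOG_LINES = [
    "1700000000 alice https://docs.example-share.test/invoice.pdf",
    "1700000010 alice https://ads.example-tracker.test/click?dest=https://cdn.example-host.test/get",
    "1700000025 alice https://cdn.example-host.test/files/NVIDIA_Driver_Setup.exe",
    "1700000100 bob https://www.nvidia.com/drivers/whitepaper.pdf",
    "1700000130 bob https://us.download.nvidia.com/Windows/nvidia_setup.exe",
    "1700000200 carol https://ads.example-tracker.test/click?dest=https://cdn.example-host.test/get",
    "1700000205 carol https://cdn.example-host.test/iTunes64Setup.exe",
]


@dataclass
class Event:
    ts: int
    user: str
    url: str


def parse_line(line: str) -> Event:
    ts, user, url = line.split()
    return Event(int(ts), user, url)


def embedded_redirect_target(url: str) -> str | None:
    """Return the host of an absolute URL carried in the query string, if any."""
    for values in parse_qs(urlparse(url).query).values():
        for v in values:
            if v.startswith(("http://", "https://")):
                return urlparse(v).netloc.lower()
    return None


def host_matches_vendor(host: str, vendor: str) -> bool:
    return any(host == h or host.endswith("." + h) for h in VENDOR_HOSTS[vendor])


def impersonated_vendor(url: str) -> str | None:
    """Return the vendor name an installer filename borrows when the host is not that vendor's."""
    p = urlparse(url)
    name = p.path.rsplit("/", 1)[-1].lower()
    if not name.endswith(INSTALLER_EXT):
        return None
    for vendor in VENDOR_HOSTS:
        if vendor in name and not host_matches_vendor(p.netloc.lower(), vendor):
            return vendor
    return None


def find_chains(lines: list[str], window: int = 300) -> list[tuple[str, str, str]]:
    """Return (user, impersonated vendor, download url) for each full chain found."""
    by_user: dict[str, list[Event]] = {}
    for ev in sorted((parse_line(l) for l in lines), key=lambda e: (e.user, e.ts)):
        by_user.setdefault(ev.user, []).append(ev)

    alerts = []
    for user, events in by_user.items():
        pdf_ts = None       # time of the most recent PDF fetch
        redirect_ts = None  # time of a redirect seen after that PDF
        for e in events:
            path = urlparse(e.url).path.lower()
            if path.endswith(".pdf"):
                pdf_ts, redirect_ts = e.ts, None
            elif pdf_ts is not None and embedded_redirect_target(e.url):
                redirect_ts = e.ts
            elif redirect_ts is not None and e.ts - pdf_ts <= window:
                vendor = impersonated_vendor(e.url)
                if vendor:
                    alerts.append((user, vendor, e.url))
                    pdf_ts = redirect_ts = None
    return alerts


if __name__ == "__main__":
    for user, vendor, url in find_chains(LOG_LINES):
        print(f"ALERT user={user} fake {vendor} installer from {url}")
```

Only alice's sequence trips the full chain; bob downloads a genuine NVIDIA installer from an allowlisted host, and carol has no PDF lure before the redirect, so she is not reported even though `impersonated_vendor` on its own flags her download. Treating that standalone check as a lower-confidence signal, and the full chain as a higher-confidence one, keeps false positives down while still surfacing installers that borrow a brand name from an unexpected host.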
Threat actors behind DarkGate, Mispadu, and Phemedrone Stealer have also been using another SmartScreen vulnerability (CVE-2023-36025, CVSS score: 8.8) to deliver malicious payloads. Microsoft released a fix for the vulnerabilities in its February 2024 Patch Tuesday update and has urged users to apply the update as soon as possible to mitigate the impact of the attacks.
The malware attacks highlight the cybersecurity risks associated with Google Ads technologies that allow threat actors to broaden the scale and reach of attacks through fake ad campaigns, which can target specific audiences and exploit the trust of Big Tech consumers.