"Windows SmartScreen Bug Exploited to Deliver Powerful Info-Stealer"

A vulnerability, tracked as CVE-2023-36025, that Microsoft fixed in November 2023, is being used by threat actors to deliver Phemedrone Stealer. By exploiting the vulnerability, attackers can bypass Windows Defender SmartScreen checks and associated prompts. If the victim is tricked into downloading and opening a malicious file, Windows will not warn them if the service finds the file or website potentially malicious. Phemedrone Stealer is a piece of malware written in C# that has no dependencies and can collect system information, take screenshots, gather all data in the targeted device's memory, and much more. This article continues to discuss the exploitation of the Windows SmartScreen flaw to deliver Phemedrone Stealer.

Help Net Security reports "Windows SmartScreen Bug Exploited to Deliver Powerful Info-Stealer"

Submitted by grigby1

Submitted by grigby1 CPVI on