The malware abuses CVE-2023-36025, which Microsoft patched in November. Specifically, the flaw allows Phemedrone and other malicious software to sidestep protections in Windows that are supposed to help users avoid running hostile code.
We're told the malware targets a ton of browsers and applications on victims' PCs, lifting sensitive info from files of interest and sending the data to fraudsters to exploit. These targets include Chromium-based browsers as well as LastPass, KeePass, NordPass, Google Authenticator, Duo Mobile, and Microsoft Authenticator. Phemedrone looks for things like passwords, cookies, and autofill information to exfiltrate; once this data is in the hands of the malware's operators, it can be used to log into the victims' online accounts and cause all sorts of damage and strife.
#windows-defender-smartscreen-vulnerability #phemedrone-stealer-malware #info-stealing-malware #data-theft #vulnerability-exploitation #password-theft
Collection
[
|
...
]