Stock Market Wolves Caught in the DarkMe Trojan Trap via CVE-2024-21412

Microsoft has recently patched a vulnerability in SmartScreen, a security feature that attackers were actively exploiting to spread a trojan called DarkMe. The vulnerability was discovered by researchers from Trend Micro, who observed a campaign run by the financially motivated threat group known as Water Hydra or DarkCasino.

The vulnerability, tracked as CVE-2024-21412, allows attackers to bypass standard security checks by sending specially crafted files to their victims. The attack only succeeds if the user is persuaded to click the file link, which is usually achieved through social engineering.

Peter Girnus, a security researcher at Trend Micro, reported CVE-2024-21412 and noted that it can be used to bypass the fix for another SmartScreen vulnerability, CVE-2023-36025, which was patched in November 2023. The campaign targeted currency market traders and aimed to steal data or deploy malware.

The attackers operated mainly through stock-trading forums and related Telegram channels, where they distributed a malicious link that posed as a legitimate site for traders. Their tactics included posting messages in several languages offering help with stock trading and distributing fake technical-analysis tools and charts. The ultimate goal was to convince traders to install the DarkMe malware.

It is worth noting that the Water Hydra group has previously exploited zero-day vulnerabilities, including a critical flaw in the WinRAR software that affected millions of users. These recent attacks underline the importance of applying software updates promptly and staying informed about current threats in order to defend effectively against intrusions and financial fraud.
