In mid-January, security researchers discovered a new large-scale campaign spreading the DarkGate malware through a vulnerability in the Microsoft Windows security features. The campaign exploited the recently fixed vulnerability, CVE-2024-21412, before a patch was available, exposing users to zero-day attacks.
According to Trend Micro, the attacks began with PDF files containing Google DoubleClick open redirects hosted on compromised sites. These sites took advantage of CVE-2024-21412 to bypass Windows SmartScreen protection and install malicious programs disguised as popular applications such as iTunes, Notion, and NVIDIA software, distributed as “.MSI” installers.
The CVE-2024-21412 vulnerability, with a CVSS score of 8.1, allowed threat actors to bypass SmartScreen protection using a specially crafted malicious file. Microsoft addressed this vulnerability in the February Patch Tuesday updates, but before the fix, it was also exploited to deliver the Darkme malware, associated with the Water Hydra group targeting financial institutions.
The attackers used CVE-2024-21412 together with Google Ads redirects to distribute DarkGate. Victims received a PDF file via phishing emails that led them to download a malicious file exploiting the vulnerability. Experts also identified the use of another vulnerability, CVE-2023-36025 (CVSS score 8.8), by the TA544 group in November of last year.
Security researchers stress the importance of vigilance and caution when installing software from untrusted sources. They warn against fake installers and highlight attackers' abuse of Google Ads to scale their operations. They also note the rise of new malware families targeting sensitive information and the use of popular platforms, often combined with social engineering tactics, to distribute malicious software.
Researchers underscore the challenges in ensuring cybersecurity in the modern digital landscape and advocate for a comprehensive approach to digital protection for organizations and individual users alike.