Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Defender Flaw Exploited to Deliver Malware

July 24, 2024
Reading Time: 3 mins read
in Alerts
Defender Flaw Exploited to Deliver Malware

A recently patched vulnerability in Microsoft Defender SmartScreen, identified as CVE-2024-21412, has been exploited by cybercriminals to distribute a range of information-stealing malware, including ACR Stealer, Lumma, and Meduza. This high-severity flaw, with a CVSS score of 8.1, allowed attackers to bypass SmartScreen protections and deliver malicious payloads onto targeted systems. Detected by Fortinet FortiGuard Labs, the campaign has primarily targeted users in Spain, Thailand, and the United States, leveraging the SmartScreen flaw to sidestep security measures.

The attack begins with phishing schemes designed to deceive victims into clicking on crafted links that lead to URL files. These links download malicious LNK files, which in turn execute HTML Application (HTA) scripts embedded in the files. The HTA scripts are used to decode and decrypt PowerShell code, which then fetches a decoy PDF and a shellcode injector. This series of actions ultimately deploys either Meduza Stealer or Hijack Loader, which then installs ACR Stealer or Lumma. These malware families are capable of exfiltrating sensitive data from a variety of applications, including web browsers, cryptocurrency wallets, messaging apps, FTP clients, email clients, VPN services, and password managers.

ACR Stealer, an advanced variant of the GrMsk Stealer, was publicly advertised in late March 2024 by the threat actor known as SheldIO on the Russian-language underground forum RAMP. This stealer employs a dead drop resolver (DDR) technique, utilizing the Steam community website to hide its command-and-control infrastructure. This technique makes it challenging for security defenses to detect and disrupt its operations. Lumma Stealer similarly employs flexible C2 domain changes to maintain resilience and evade detection, making it harder for defenders to track and mitigate its impact.

The exploitation of this vulnerability underscores a troubling trend in the cybersecurity landscape, where cybercriminals are increasingly adept at leveraging software vulnerabilities and employing sophisticated deceptive techniques. The campaign highlights how attackers are using various methods, including malvertising and SEO poisoning, to spread malware. This approach is evident in the rise of new stealer families like Braodo and DeerStealer, and the use of legitimate software promotions, such as Microsoft Teams, to deploy malware like Atomic Stealer.

Reference:

  • Microsoft Defender Flaw Used to Deploy ACR, Lumma, and Meduza Stealers
Tags: Cyber AlertsCyber Alerts 2024Cyber RiskCyber threatsJuly 2024MicrosoftMicrosoft DefenderSpainThailandUnited States
ADVERTISEMENT

Related Posts

FreeDrain Phishing Steals Crypto Funds

FBI Warns Cybercriminals Exploit Routers

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

X Scam Targets Crypto Users with Fake Ads

May 9, 2025
FreeDrain Phishing Steals Crypto Funds

FreeDrain Phishing Steals Crypto Funds

May 9, 2025
COLDRIVER Hackers Target Sensitive Data

COLDRIVER Hackers Target Sensitive Data

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

May 8, 2025
COLDRIVER Hackers Target Sensitive Data

CoGUI Targets Consumer and Finance Brands

May 8, 2025

Latest Alerts

X Scam Targets Crypto Users with Fake Ads

FBI Warns Cybercriminals Exploit Routers

FreeDrain Phishing Steals Crypto Funds

CoGUI Targets Consumer and Finance Brands

COLDRIVER Hackers Target Sensitive Data

Cisco Fixes Flaw in IOS Wireless Controller

Subscribe to our newsletter

    Latest Incidents

    LockBit Ransomware Data Leaked After Hack

    Spanish Consumer Group Faces Cyberattack

    Education Giant Pearson Hit by Data Breach

    Masimo Cyberattack Disrupts Manufacturing

    Cyberattack Targets Tepotzotlán Facebook

    West Lothian Schools Hit by Ransomware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial