If you have a Windows computer, it’s time to update it again, before hackers hit it with the latest Windows malware threat. Phemedrone is an open-source malware that targets web browsers and data from cryptocurrency wallets and messaging apps like Telegram and Discord. And this time, ordinary Windows users have been infected because the attackers bypassed antivirus protection via Windows SmartScreen.
It may sound tongue-in-cheek, but we’ll break down what exactly this means, how it works, and what else you need to know to avoid falling victim to this sophisticated malware scam.
What is Windows SmartScreen?
Before we dive into this particular threat, let’s talk about Windows SmartScreen. Windows SmartScreen is a cloud-based anti-phishing and anti-malware component included in many Microsoft products. It helps determine whether a website is potentially malicious and keeps users from downloading harmful files to their devices. It does this by analyzing web pages and identifying suspicious behavior that may indicate malicious sites, apps, or downloadable files.
It uses several tactics to make this decision. Essentially, though, if there is a danger, Windows SmartScreen notifies the user and displays a warning on the page to let them know that what they are about to do may be dangerous.
How hackers broke through Windows SmartScreen
Unfortunately, a vulnerability in Windows Defender SmartScreen, tracked as CVE-2023-36025, was discovered and exploited by hackers in November 2023, allowing malicious actors to bypass SmartScreen. They did this by hosting the malicious URL (shortened to reduce suspicion) on a trusted cloud provider such as Discord or Filetransfer.io. Exactly how victims were deceived into clicking has not been spelled out. This is an advanced hack, after all.
Because Windows recognized these URLs as safe, the hackers were able to suppress the prompts that Windows SmartScreen would normally pop up. As long as someone clicked on the URL, Windows SmartScreen did not consider it harmful and therefore did not warn the user.
What happens next is that the victim unknowingly downloads a Control Panel Item (.cpl) file from the attackers’ command-and-control server. This essentially allows the hacker to communicate with and take control of the compromised device. When the .cpl file is opened, a PowerShell loader is launched, which retrieves a ZIP file labeled “Secure.pdf.” But it’s not a safe PDF… it’s a sneaky file hiding the Phemedrone malware. Then, boom. It’s on your device. And this is what happens next.
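As an added illustration of how a defender would spot the chain just described (a .cpl launched from a user-writable folder, a PowerShell child process, and an archive masquerading as a PDF), here is a small detector written for this article rather than taken from it. The process-creation records are constructed for the example, the field names (`image`, `command_line`, `parent_image`) are an assumption loosely modelled on Sysmon Event ID 1, and the file names Invoice.cpl and the `$env:TEMP` paths are invented; only “Secure.pdf” comes from the story above.

```python
import re
import ntpath

# Constructed sample process-creation records (NOT real telemetry). Field names
# are an assumption modelled loosely on Sysmon Event ID 1 exports.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\control.exe",
     "command_line": r'"C:\Windows\System32\control.exe" "C:\Windows\System32\timedate.cpl"',
     "parent_image": r"C:\Windows\explorer.exe"},                      # benign: system .cpl
    {"id": 2, "image": r"C:\Windows\System32\control.exe",
     "command_line": r'"C:\Windows\System32\control.exe" "C:\Users\alice\Downloads\Invoice.cpl"',
     "parent_image": r"C:\Windows\explorer.exe"},                      # .cpl from Downloads (hypothetical name)
    {"id": 3, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -w hidden -c "Expand-Archive -Path $env:TEMP\Secure.pdf -DestinationPath $env:TEMP\out"',
     "parent_image": r"C:\Windows\System32\control.exe"},              # loader unpacking the fake PDF
    {"id": 4, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r'powershell.exe -c "Get-Process | Sort-Object CPU"',
     "parent_image": r"C:\Windows\explorer.exe"},                      # benign admin use
]

# Binaries that host Control Panel items.
CPL_HOSTS = {"control.exe", "rundll32.exe"}
# Path fragments that indicate a location an ordinary user can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "%temp%", "$env:temp")
# Quoted or bare path ending in .cpl on a command line.
CPL_PATH_RE = re.compile(r'"([^"]+\.cpl)"|(\S+\.cpl)\b', re.IGNORECASE)
# Either a double extension (x.pdf.zip) or an archive cmdlet pointed at a ".pdf".
FAKE_PDF_RE = re.compile(r'\.pdf\.(?:zip|exe|cpl|scr)\b|expand-archive[^;|&]*\.pdf\b', re.IGNORECASE)


def base(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()


def user_writable(path):
    return any(marker in path.lower() for marker in USER_WRITABLE_MARKERS)


def cpl_from_user_dir(ev):
    """A .cpl host started with a Control Panel item that lives outside system folders."""
    if base(ev["image"]) not in CPL_HOSTS:
        return False
    for quoted, bare in CPL_PATH_RE.findall(ev["command_line"]):
        if user_writable(quoted or bare):
            return True
    return False


def powershell_from_cpl_host(ev):
    """PowerShell spawned by control.exe/rundll32.exe: the loader step in the chain."""
    return base(ev["image"]) in {"powershell.exe", "pwsh.exe"} and base(ev["parent_image"]) in CPL_HOSTS


def archive_disguised_as_pdf(ev):
    """A ZIP handled under a .pdf name, like the 'Secure.pdf' payload."""
    return FAKE_PDF_RE.search(ev["command_line"]) is not None


RULES = [
    ("cpl_from_user_dir", cpl_from_user_dir),
    ("powershell_from_cpl_host", powershell_from_cpl_host),
    ("archive_disguised_as_pdf", archive_disguised_as_pdf),
]


def detect(events):
    """Return one alert per (rule, event) pair that fires, in event order."""
    alerts = []
    for ev in events:
        for name, rule in RULES:
            if rule(ev):
                alerts.append({"rule": name, "event": ev["id"]})
    return alerts


def chain_suspects(alerts):
    """Event ids hit by two or more rules: the strongest sign of the full chain."""
    hits = {}
    for a in alerts:
        hits.setdefault(a["event"], set()).add(a["rule"])
    return sorted(eid for eid, rules in hits.items() if len(rules) >= 2)


if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for a in found:
        print(f"event {a['event']}: {a['rule']}")
    print("chain suspects:", chain_suspects(found))
```

The rules are deliberately narrow: a .cpl under System32 (event 1) and ordinary PowerShell use (event 4) produce nothing, while the download-folder .cpl and the hidden PowerShell unpacking a “PDF” are each flagged, and the event matching two rules is the one to investigate first.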
What can this malware do?
The type of malware involved in this particular threat is known as Phemedrone. No, this is not a medical name. It is a new open-source malware whose main purpose is to steal data stored in web browsers and funds from cryptocurrency wallets, along with data from password managers such as LastPass. It can steal cookies, autofill data, browser data, and even other files and folders on your computer that hackers want to access.
That’s not all. This malware also has the following features:
- Gathering system information (hardware, OS, location) and taking screenshots
- Obtaining Discord authentication tokens and authentication-related files for Steam and Telegram
- Obtaining connection details and credentials for FileZilla (a free FTP solution)
Update your software regularly to protect yourself from threats
Now, the reason you’re here is to protect yourself. New threats emerge every day as hackers become more savvy and find more loopholes to exploit. However, for this particular threat, Windows has already patched the flaw and introduced protections through software updates. This means all you have to do is catch up on your software updates. You’d be surprised how many people forget to do this, or ignore it completely, even though it is what keeps Windows protected. These software updates are important to keep you safe from this threat as well as other threats that may arise in the future.
Additionally, be careful not to open or click on links or files that may not be legitimate. Of course, hackers find sneaky ways to trick you into believing a link is trustworthy even when it’s malicious. So make sure you download files and apps only from trusted sources and app stores, and think twice before clicking links in messaging apps.
Always install strong antivirus software on all your devices
Effective antivirus software is a must. It is great for stopping and alerting you to malware on your system, warning you not to click on malicious links in phishing emails, and ultimately protecting you from hacking. The best way to protect yourself from a data breach is to have antivirus protection installed on all your devices. Having good antivirus software running actively on your device can help make it more resilient to the growing number of attacks, such as the Phemedrone malware. Get my picks for the best antivirus protection products of 2024 for Windows, Mac, Android, and iOS devices.
Kurt’s key takeaways
Now, the biggest lesson to take away from this is that it’s never possible to be 100% safe online. Even tools intended to protect users, such as Windows SmartScreen, can be exploited. Therefore, always be vigilant and run good antivirus software on all your devices.
When was the last time you updated your software? How do you know when to update? Let us know by emailing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report newsletter at Cyberguy.com/Newsletter.
Copyright 2024 CyberGuy.com. All rights reserved.