AI DevwWrld Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Middle East Low Code No Code Summit TimeAI Summit

Windows security alert: Phemedrome malware bypasses Microsoft Defender

Treacherous overtake: Phemedrome malware leaves Microsoft's defenses behind

A malware called Phemedrome is attacking Windows systems by exploiting a security flaw in Microsoft Defender SmartScreen to steal data.

Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.

This pill is also available in Italian language

Microsoft is faced with a new security vulnerability, caused by the malware called Phemedrome, capable of evading Windows defenses. This malicious software arrives just as the Redmond company was preparing to celebrate the launch of the mobile versions of the Copilot artificial intelligence. Phemedrome has launched a sneaky cyber attack that exploits a widely used flaw in the operating system.

Phemedrome attack methodology: a multipurpose trojan

The Phemedrome Trojan was designed to steal sensitive data such as passwords, cookies and access tokens, operating across browsers, messaging clients, gaming and cryptocurrency platforms. The malware has the ability to capture screenshots and collect accurate metadata, including users' geographic location information. The stolen data is then directed to attackers for further abuse or for sale in dark areas of the network.

Exploit of a critical vulnerability in Microsoft Defender SmartScreen

According to certain sources, Phemedrome manages to exploit a vulnerability (CVE-2023-36025) in Microsoft Defender SmartScreen, which does not detect malicious URL files. Despite a patch update released by Microsoft, the vulnerability was actively exploited, resulting in significant impacts on user security.

Malware and ransomware target Microsoft's SmartScreen flaw

Trend Micro research reveals that Phemedrome is not the only malware that targeted the breach in Windows Defender SmartScreen: dangerous ransomware also performed similar attacks. Users would be exposed by clicking malicious links that exploit the vulnerability, as reported in security bulletin CVE-2023-36025.

Follow us on WhatsApp for more pills like this

01/25/2024 22:07

Editorial AI

Last pills

LockBit's response to FBI actionsLockBit's technological revenge: post-attack updates and awareness

LockBit's tenacious activity despite global investigationsChallenges and countermeasures in the war against the LockBit cyber criminal group

Avast fined for illegitimate sale of web dataFines and restrictions imposed on cybersecurity company for misuse of personal data

KeyTrap: DNSSEC flaw discovered by researchersThe vulnerability puts the stability of DNSSEC at risk