Windows security alert: Phemedrome malware bypasses Microsoft Defender

Microsoft is faced with a new security vulnerability, caused by the malware called Phemedrome, capable of evading Windows defenses. This malicious software arrives just as the Redmond company was preparing to celebrate the launch of the mobile versions of the Copilot artificial intelligence. Phemedrome has launched a sneaky cyber attack that exploits a widely used flaw in the operating system.

Phemedrome attack methodology: a multipurpose trojan

The Phemedrome Trojan was designed to steal sensitive data such as passwords, cookies and access tokens, operating across browsers, messaging clients, gaming and cryptocurrency platforms. The malware has the ability to capture screenshots and collect accurate metadata, including users' geographic location information. The stolen data is then directed to attackers for further abuse or for sale in dark areas of the network.

Exploit of a critical vulnerability in Microsoft Defender SmartScreen

According to certain sources, Phemedrome manages to exploit a vulnerability (CVE-2023-36025) in Microsoft Defender SmartScreen, which does not detect malicious URL files. Despite a patch update released by Microsoft, the vulnerability was actively exploited, resulting in significant impacts on user security.

Malware and ransomware target Microsoft's SmartScreen flaw

Trend Micro research reveals that Phemedrome is not the only malware that targeted the breach in Windows Defender SmartScreen: dangerous ransomware also performed similar attacks. Users would be exposed by clicking malicious links that exploit the vulnerability, as reported in security bulletin CVE-2023-36025.