Windows security alert: Phemedrome malware bypasses Microsoft Defender
Treacherous overtake: Phemedrome malware leaves Microsoft's defenses behind
A malware called Phemedrome is attacking Windows systems by exploiting a security flaw in Microsoft Defender SmartScreen to steal data.
Contribute to spreading the culture of prevention!
Support our cause with a small donation by helping us raise awareness among users and companies about cyber threats and defense solutions.
Microsoft is faced with a new security vulnerability, caused by the malware called Phemedrome, capable of evading Windows defenses. This malicious software arrives just as the Redmond company was preparing to celebrate the launch of the mobile versions of the Copilot artificial intelligence. Phemedrome has launched a sneaky cyber attack that exploits a widely used flaw in the operating system.
Phemedrome attack methodology: a multipurpose trojan
The Phemedrome Trojan was designed to steal sensitive data such as passwords, cookies and access tokens, operating across browsers, messaging clients, gaming and cryptocurrency platforms. The malware has the ability to capture screenshots and collect accurate metadata, including users' geographic location information. The stolen data is then directed to attackers for further abuse or for sale in dark areas of the network.
Exploit of a critical vulnerability in Microsoft Defender SmartScreen
According to certain sources, Phemedrome manages to exploit a vulnerability (CVE-2023-36025) in Microsoft Defender SmartScreen, which does not detect malicious URL files. Despite a patch update released by Microsoft, the vulnerability was actively exploited, resulting in significant impacts on user security.
Malware and ransomware target Microsoft's SmartScreen flaw
Trend Micro research reveals that Phemedrome is not the only malware that targeted the breach in Windows Defender SmartScreen: dangerous ransomware also performed similar attacks. Users would be exposed by clicking malicious links that exploit the vulnerability, as reported in security bulletin CVE-2023-36025.Follow us on Telegram for more pills like this