Cyble Researchers Discover Threat Actors Exploiting Microsoft SmartScreen Vulnerability

Published:

spot_img

Cyble Research Uncovers Active Campaign Exploiting Microsoft SmartScreen Vulnerability

Cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) have uncovered a sophisticated campaign exploiting a Microsoft SmartScreen vulnerability to inject infostealers into users’ machines. Despite Microsoft releasing a patch for the vulnerability (CVE-2024-21412) in February and CISA adding it to its known exploited vulnerabilities catalog, the patch has seen limited deployment, leading to the campaign targeting users in multiple regions, including Spain, the U.S., and Australia.

The campaign, which begins with phishing lures related to healthcare insurance schemes, transportation notices, and tax-related communications, aims to trick users into downloading malicious payloads. The spam emails contain a link that redirects users to a WebDAV share using a search protocol to deceive them into executing a malicious internet shortcut file. The multi-stage attack that follows utilizes legitimate tools such as forfiles.exe, PowerShell, mshta, and other trusted files to circumvent security measures, ultimately injecting the final payload into explorer.exe.

The campaign delivers Lumma and Meduza Stealer as its final payloads, highlighting the sophistication of the attack chain. The researchers at Cyble also noted a surge in the exploitation of the vulnerability (CVE-2024-21412) and emphasized the evolving and dangerous threat landscape in cybersecurity. They recommended various cybersecurity controls, including advanced email filtering solutions, monitoring and restricting the forfiles utility, application whitelisting, and network segmentation to combat these sophisticated threats.

The researchers also provided MITRE ATT&CK Techniques, Indicators of Compromise (IoCs), and a YARA detection rule on the Cyble blog for further reference. This discovery underscores the importance of staying vigilant against cyber threats and implementing robust cybersecurity measures to protect against malicious attacks.

spot_img

Related articles

Recent articles

NSU Launches Cybersecurity Center to Enhance Research and Workforce Development in Bangladesh

North South University (NSU) has inaugurated its Cybersecurity Center to advance research, develop skilled professionals, and strengthen Bangladesh's resilience against emerging cyber threats. This...

Siemens ROX II Switches Vulnerable: Update to Firmware V2.17.1 to Mitigate CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949 Exploits

Siemens has issued an advisory regarding three critical zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) affecting its ROX II operational technology (OT) switches. These vulnerabilities...

UK Regulator Launches Investigation into TikTok Age Verification Amid Strengthened Child Safety Measures

UK Regulator Launches Investigation into TikTok Age Verification Amid Strengthened Child Safety Measures The UK's communications regulator, Ofcom, has initiated a formal investigation into TikTok's...

Legacy Systems, Real-World Risks: Navigating the Challenges of OT Security

Legacy Systems, Real-World Risks: Navigating the Challenges of OT Security Operational Technology (OT) security presents unique challenges that differ significantly from traditional Information Technology (IT)...