Phemedrone: a serious new malware discovered on Windows, so remember to install your updates


Corentin Béchade

January 16, 2024 at 8:49 a.m.


Windows remains the favorite target of malware © rafapress / Clubic

Windows security has improved considerably in recent years but, as a new piece of malware proves, no operating system is truly inviolable.

Trend Micro has just reminded us why installing updates on time is essential. The cybersecurity company has detailed how a rather serious piece of malware discovered a few weeks ago on Windows works, or rather an entire category of malware.

Phemedrone sows chaos

Phemedrone, as it has been nicknamed, is an attack vector for numerous pieces of malware designed to steal your personal information. Undetectable by Microsoft Defender and capable of rummaging through your web browser, your instant messaging software such as Discord or Telegram, and even your Steam account, the malicious code using this flaw is particularly vicious.

Fortunately, the bug was technically patched last November in an update rolled out by Microsoft. But malicious hackers continue to craft malware exploiting Phemedrone in an attempt to infect machines that have not yet been patched. Other software exploiting the same flaw falls squarely into the ransomware category, encrypting user data and demanding a ransom before restoring access to the machine.

As the Windows update notes explained, “the Internet user must click on a specific Internet shortcut (.URL), or on a hyperlink pointing to an Internet shortcut file, to be infected”. And that is exactly what malware exploiting Phemedrone does. Under the guise of a seemingly legitimate link, hackers get the victim to download a .URL file, which then downloads everything needed to infect the computer. All without the built-in Windows antivirus finding anything wrong with it (if the November 2023 updates have not been installed).

Passwords, personal information, authentication cookies

The malicious code then steals the passwords saved in your browsers and password managers, extracts your Discord and Telegram ID tokens, your FileZilla login details and a whole host of other sensitive data. All of this, of course, without alerting the machine's user, who will only see legitimate-looking PDF, .exe or .dll files.

“Several prototypes and examples of malware exploiting the CVE-2023-36025 flaw have emerged on social networks,” explains Trend Micro. To be as safe as possible, remember to check that your installation of Windows 10 or Windows 11 is up to date. A lesson it is never too late to learn.

Source: Trend Micro via BleepingComputer

Corentin Béchade


A journalist for almost 10 years, I have been in the tech and digital sector since my very first jobs. Tinkerer (a lot), librarian (a little), I have developed a specialization in the themes of ecology and digital technology as well as the protection of private life. On weekends I torture Raspberry Pis with lots of 'sudo' commands to relax.
