Microsoft Windows users have been warned to urgently apply this month’s update, after a new attack was found in the wild targeting Windows 10 and Windows 11. An alarming new report warns that this new zero-day attack “is a prime example of how unsupported Windows relics are an overlooked attack surface that can still be exploited by threat actors to infect unsuspecting users with ransomware, backdoors, or as a conduit for other kinds of malware.”
The relic in question is Internet Explorer. While most Windows users will assume the now defunct browser has been banished from their machines, it’s actually still there under the covers. These devious attacks simply trick IE into waking back up and causing havoc. Beware—if that happens to you, the impact can be devastating.
Threat Level Escalates
We knew this new IE threat was serious when Microsoft’s July update advisory acknowledged likely exploits in the wild and the US cyber agency (CISA) added it to the Known Exploited Vulnerabilities (KEV) catalog, with a 21-day update mandate for all US federal agencies. The team at Check Point Research then published a detailed report on the threat and their disclosure to Microsoft.
Now the threat level for CVE-2024-38112 has become even more serious, with the publication of a new report from Trend Micro describing active attacks that it says have exploited this trick of waking up Internet Explorer.
Void Banshee Strikes
Trend Micro attributes the attacks to Void Banshee, an advanced persistent threat (APT) group targeting victims across the US, Asia and Europe. The research team says these attacks focused on installing the Atlantida stealer onto victims’ machines. This malware targets specific applications, including messengers and crypto wallets, to steal login credentials, cookies and security codes.
According to Trend Micro, “Void Banshee lures in victims using zip archives containing malicious files disguised as book PDFs; these are disseminated in cloud-sharing websites, Discord servers, and online libraries, among others.”
Update Your System
The malicious link that triggers one of these attacks is coded to open in IE rather than Edge or Chrome. And users may not even realize they are clicking an internet address, as it may appear as a cloud-based PDF being opened. Rather than trying to spot these lures yourself, simply update your Windows PC to disable the threat.
That IE has come back from the dead is the real catch here, of course, and will surprise and alarm users. “IE has been officially disabled through later versions of Windows 10, including all versions of Windows 11,” Trend Micro explains. “Disabled, however, does not mean IE was removed from the system. The remnants of IE exist on the modern Windows system, though it is not accessible to the average user.”