Cybercriminals Exploit Legacy of Internet Explorer
More than two years have passed since Internet Explorer 11 was officially retired, yet the browser’s legacy continues to cast a long shadow. In an unexpected turn of events, cybercriminals are exploiting remnants of this once-popular browser to execute their nefarious schemes. The group behind these attacks, known as Void Banshee, has been under the watchful eye of security firm Trend Micro for some time now.
Recent revelations emerged following Microsoft’s disclosure of the vulnerability identified as CVE-2024-43461. This flaw has become a key tool for Void Banshee, allowing them to infiltrate systems across Europe, North America, and Southeast Asia. Their targets are often left vulnerable to the theft of sensitive information, including cookies and passwords.
Internet Explorer's Unwanted Resurrection
In their sophisticated attack campaign, Void Banshee has leveraged not only CVE-2024-43461 but also another vulnerability, CVE-2024-38112, which was patched in July. Both vulnerabilities can be triggered through specially crafted .url files, enabling the resurrection of Internet Explorer despite its official demise. The remnants of this browser still linger within Windows, allowing it to be unwittingly activated.
Adding another layer of complexity, the attackers utilized Windows’ support for Braille to their advantage. By disguising a .hta (HTML Application) file as a PDF, they crafted a document meant for the visually impaired that contained hidden instructions in whitespace, cleverly bypassing standard Windows warnings. Users faced a choice to either open or save the file. If they opted to open it, Internet Explorer would spring back to life, paving the way for the installation of the Atlantida InfoStealer. This insidious software is designed to harvest cookies, passwords, and usernames, showcasing how Internet Explorer persists in a zombie-like state within Windows, remaining vulnerable to exploitation.
Defensive Measures and Proactive Security
Despite the covert nature of these attacks, there are effective defensive measures available. Security solutions, such as those offered by Symantec, provide built-in protection against the execution of .url files that trigger Internet Explorer. As organizations navigate this complex landscape, awareness and proactive security measures remain paramount in safeguarding against such legacy threats.
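A defender can check for the .hta-as-PDF disguise described above directly in file names seen in download logs or mail attachments. The following is an added example, not code from Trend Micro, Microsoft or Symantec; it assumes the disguise pads the name with Braille blank characters (U+2800) so the real extension is pushed out of view, and the function names, extension list and sample names are constructed for illustration.

```python
import unicodedata
from urllib.parse import unquote

# Extensions that run script or launch a handler when opened (illustrative set).
RISKY_EXT = {"hta", "url", "js", "jse", "vbs", "wsf", "lnk", "scr"}


def is_blank_like(ch: str) -> bool:
    """True for characters that render as empty space in a dialog or file list."""
    # U+2800 BRAILLE PATTERN BLANK is category So, so whitespace checks miss it.
    return ch == "\u2800" or unicodedata.category(ch) in ("Zs", "Cf")


def first_padding_run(name: str, min_run: int):
    """Return (start, length) of the first run of >= min_run blank-like chars."""
    start = None
    for i, ch in enumerate(name + "\0"):  # sentinel closes a trailing run
        if is_blank_like(ch):
            start = i if start is None else start
        else:
            if start is not None and i - start >= min_run:
                return start, i - start
            start = None
    return None


def inspect_filename(raw_name: str, min_run: int = 3) -> dict:
    """Flag names whose real extension is pushed out of view by blank padding."""
    name = unquote(raw_name)  # names taken from URLs or headers may be percent-encoded
    real_ext = name.rpartition(".")[2].lower() if "." in name else ""
    run = first_padding_run(name, min_run)
    visible = name[: run[0]] if run else name  # what the user is likely to read
    shown_ext = visible.rpartition(".")[2].lower() if "." in visible else ""
    return {
        "visible": visible,
        "shown_ext": shown_ext,
        "real_ext": real_ext,
        "padding": run[1] if run else 0,
        "suspicious": bool(run) and real_ext in RISKY_EXT and shown_ext != real_ext,
    }


# Constructed sample names, not indicators from the campaign.
SAMPLES = [
    "Invoice.pdf" + "\u2800" * 20 + ".hta",
    "Invoice.pdf" + "%E2%A0%80" * 20 + ".hta",
    "Quarterly report.pdf",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_filename(sample))
```

A plain `setup.hta` with no padding is not flagged by this check; blocking or alerting on risky extensions as such is a separate policy decision.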