Implementing Latest Security Updates Crucial Against New CVE-2024-21412 Threat

24 Jul 2024

The attack chain begins with an initial phishing email containing a malicious link. Upon clicking the link, a URL file is downloaded, which subsequently downloads an LNK file. This LNK file executes PowerShell commands to download an HTA script disguised as an overlay icon.

LNK File Execution and Payload Decoding

The HTA script decodes and executes a hidden PowerShell script that runs silently in the background. This script downloads a decoy PDF and a malicious shell code injector, which then injects the final stealer into legitimate processes. Two types of injectors have been identified in this campaign. The first injector uses an image file to obtain shell code, maintaining low detection rates on VirusTotal. The second injector downloads a JPG file from the Imghippo website and uses the Windows API “GdipBitmapGetPixel” to access pixels and decode bytes to retrieve the shell code. This second injector is more straightforward, decrypting its code from the data section and utilizing a series of Windows API functions to perform shell code injection.

Stealer Deployment and Regional Targeting

Once the code is injected, it downloads and installs information-stealing malware such as Meduza Stealer version 2.9 or ACR Stealer. The ACR Stealer targets various applications, including browsers, crypto wallets, messengers, FTP clients, email clients, VPN services, password managers, and other tools. It can adapt legitimate web services to maintain communications with its C2 server. The campaign appears to target specific regions, with decoy PDFs tailored to North America, Spain, and Thailand.

Implementing Microsoft’s latest security updates to address the CVE-2024-21412 vulnerability is crucial for protection. Users should be cautious of phishing links and downloading unknown files. Email security solutions can detect and block phishing attempts, while a comprehensive security suite can provide real-time malware protection.

Mr. Ngoc Bui, Cybersecurity Expert at Menlo Security, commented on the recent development stating, “The recent discovery of CVE-2024-21412 reveals the persistent and evolving nature of cyber threats targeting Microsoft’s SmartScreen. It demonstrates that attackers are constantly refining their tactics to bypass traditional security measures and deliver malicious payloads to high-value targets. This highlights the need for proactive threat intelligence and layered defenses to protect against these sophisticated attacks.”

RELATED TOPICS

  • Windows Defender Flaw Exploited by Phemedrone Stealer
  • Critical New Outlook RCE Vulnerability Exploits Preview Pane
  • 7-Year-Old 0-Day in MS Office Exploited to Drop Cobalt Strike
  • Black Basta Ransomware Exploited Windows 0-day Before Patch
  • Palo Alto Patches 0-Day (CVE-2024-3400) Exploited by Backdoor
  • MS Outlook Vulnerability Exploited by Russian Forest Blizzard Group
  • Microsoft Releases Tool to Fix CrowdStrike-Caused Windows Chaos
  • Russian APT28 Exploiting Windows Vulnerability with GooseEgg Tool

Update: 24 Jul 2024

Top charts for

uTorrent

uTorrent

Latest update uTorrent download for free for Windows PC or Android mobile

5
1032 reviews
7508550
downloads
Zona

Zona

Latest update Zona download for free for Windows PC or Android mobile

4
614 reviews
1735287
downloads
WinRAR

WinRAR

Streamline file management with fast compression, secure your documents, and save space.

5
735 reviews
746708
downloads
Minecraft

Minecraft

Shape environments, explore vast worlds, and survive against monsters with endless creativity.

5
750 reviews
495507
downloads

News and reviews for

Visio 2021 Professional Now $9.97 Until February 8

Visio 2021 Professional Now $9.97 Until February 8

Microsoft offers Visio 2021 Professional for $9.97, down from $249, with added templates, until February 8.

Read more
Code Vein Offers Stylish Combat, Discounted Editions

Code Vein Offers Stylish Combat, Discounted Editions

Code Vein captivates with anime-style combat and offers discounted editions. Fast-paced action meets fun builds in this cult classic.

Read more
Microsoft Phases Out RC4 in Kerberos for Windows Security

Microsoft Phases Out RC4 in Kerberos for Windows Security

Microsoft to eliminate RC4 in Kerberos by July 2026, enhancing Windows security.

Read more
Highguard Faces Criticism but Shows Potential for Growth

Highguard Faces Criticism but Shows Potential for Growth

Highguard, launched with controversy, holds potential despite poor reviews. Offering genre innovation, it aims to evolve against negative feedback.

Read more
PS2Recomp Boosts Native PS2 Games with Recompilation

PS2Recomp Boosts Native PS2 Games with Recompilation

PS2Recomp, a new tool, promises enhanced native PS2 game ports, sparking interest among developers for PC platforms.

Read more
NVIDIA Introduces RTX Remix Logic for Classic Game Mods

NVIDIA Introduces RTX Remix Logic for Classic Game Mods

NVIDIA's RTX Remix Logic, launched on 2026-01-27, enables dynamic modding of classic PC games with a no-code node-based interface.

Read more
Windows 11 Update KB5074109 Affects Legacy Modems

Windows 11 Update KB5074109 Affects Legacy Modems

The Windows 11 update KB5074109 disrupts modems by removing several legacy drivers, causing connectivity issues for select users.

Read more
Anytype Replaces Notion, Obsidian, and Todoist for Unified Workflow

Anytype Replaces Notion, Obsidian, and Todoist for Unified Workflow

Anytype consolidates Notion, Obsidian, and Todoist functions, reducing context-switching and improving workflow efficiency.

Read more
ReBlade: Cyberpunk Roguelike Announced by ChillyRoom

ReBlade: Cyberpunk Roguelike Announced by ChillyRoom

ReBlade from ChillyRoom and Spiral Up Games announced for PC: cyberpunk roguelike offers high-speed action in a dystopian setting.

Read more
Artorias Battles Elden Ring Bosses in New Video Showcase

Artorias Battles Elden Ring Bosses in New Video Showcase

Artorias from Dark Souls faces Elden Ring bosses, demonstrating impressive skills in Fights' YouTube video.

Read more
All article