DarkMe Malware Exploits Windows Defender Vulnerability: Microsoft Issues Patch


Cybersecurity firm Trend Micro’s Zero Day Initiative recently unmasked a critical vulnerability, designated as CVE-2024-21412, that enabled the notorious APT group Water Hydra to circumvent Microsoft Defender SmartScreen and unleash the DarkMe malware upon unsuspecting victims. In a timely response, Microsoft has since patched the vulnerability, and Trend Micro now offers protection against this insidious threat.

The DarkMe Malware: A Sinister Force Unleashed

The DarkMe malware, a formidable adversary in the cyber world, has gained notoriety for its ability to infiltrate systems and wreak havoc on a grand scale. This malware variant, also known as Trojan:Win32/Powessere.G or ‘POWERLIKS’, typically employs the rundll32.exe file to execute its nefarious operations. Under normal circumstances, Windows Defender thwarts such attempts, presenting attackers with an ‘Access is denied’ error message.

However, the recently discovered vulnerability has provided a chink in Windows Defender’s armor, allowing the DarkMe malware to slip through the cracks and infect countless systems. By inserting multiple consecutive commas (,,) when referencing mshtml, cybercriminals found a way to bypass the mitigation measures, enabling the trojan to execute successfully and leaving victims at the mercy of the Water Hydra APT group.
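A simple detection for the rundll32 pattern described above, added here as an example and not taken from the article: it flags rundll32 process launches whose command line references mshtml with two or more consecutive commas. The event records are constructed, and the export name is a placeholder.

```python
import re

# Constructed process-creation records (not from the article), shaped like the
# image and command-line fields a Sysmon/EDR process-create event would carry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe mshtml,,PlaceholderExport"},           # double comma + mshtml
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},  # benign, single comma
    {"image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": "RUNDLL32  MSHTML , , PlaceholderExport"},            # spaced commas, mixed case
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe mshtml,,notes.txt"},                    # not rundll32 at all
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": "rundll32.exe mshtml,PlaceholderExport"},             # mshtml, but one comma
]

# Two commas in a row, allowing whitespace between them so spacing does not evade the check.
MULTI_COMMA = re.compile(r",\s*,")


def normalize(cmdline: str) -> str:
    """Lower-case and collapse whitespace so case and spacing tricks do not evade string checks."""
    return " ".join(cmdline.lower().split())


def is_suspicious_rundll32(event: dict) -> bool:
    """True when a rundll32 launch references mshtml with consecutive commas."""
    image = event["image"].lower()
    if not image.endswith("\\rundll32.exe"):
        return False
    cmd = normalize(event["cmdline"])
    return "mshtml" in cmd and MULTI_COMMA.search(cmd) is not None


def triage(events):
    """Return the original command lines of every event that matches the rule."""
    return [e["cmdline"] for e in events if is_suspicious_rundll32(e)]


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print("SUSPICIOUS:", hit)
```

The rule deliberately ignores the export name, since the page only identifies the repeated commas and the mshtml reference as the distinguishing feature.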

The Vulnerability: A Critical Flaw in Windows Defender SmartScreen

The vulnerability, classified as having a high severity rating, requires local network access to be exploited. This means that an attacker must first gain entry to a victim’s network before they can capitalize on the flaw. Once inside, the attacker can then leverage the vulnerability to bypass Windows Defender SmartScreen, paving the way for the DarkMe malware to infiltrate the system.

The discovery of this vulnerability has sent shockwaves through the cybersecurity community, as it highlights the ever-evolving nature of the threats we face in today’s digital landscape. As cybercriminals continue to refine their tactics and develop new methods of attack, it’s crucial that cybersecurity professionals remain vigilant and proactive in their efforts to protect against such…
