New Threat Targets Windows PCs, Bypasses Windows Defender Antivirus
ICARO Media Group
A new malware named Phemedrone Stealer has emerged as a significant threat to Windows PCs, capable of evading the Windows Defender antivirus solution, cautioned cybersecurity researchers at Trend Micro. The malware is designed to steal sensitive information from compromised devices, including passwords, authentication cookies, and other valuable data.
According to the report by Trend Micro, Phemedrone Stealer targets various sources of sensitive information, such as web browsers, cryptocurrency wallets, and messaging platforms like Telegram, Steam, and Discord. It can also capture screenshots and extract data related to hardware, location, and operating system details. The stolen data is then transmitted to the attackers either through Telegram or their command-and-control server.
The malware exploits a known vulnerability, CVE-2023-36025, recently discovered in Microsoft Windows Defender SmartScreen. The flaw allows threat actors to bypass Defender SmartScreen checks and the associated warning prompts; its severity score of 8.8/10 reflects how serious it is. To exploit it, an attacker must craft a custom Internet Shortcut (.URL) file or hyperlink and lead the victim to interact with it.
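Because the attack chain described above starts with an Internet Shortcut (.URL) file, a defender's first triage question is what each .URL file on a host actually points to. The following Python script is an added example, not code from the article or from Trend Micro's report: it parses the documented `[InternetShortcut]` / `URL=` INI layout and flags any shortcut whose target is not a plain web URL (a remote `file://` host, a UNC share path, or an unparseable file). The "non-web target means review" rule is an assumption of this example, a coarse heuristic for triage rather than a detection signature for this specific malware, and the sample shortcuts (using the 203.0.113.0/24 documentation address range) are constructed for the demonstration.

```python
import configparser
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample .URL files for the demonstration (not real artefacts from
# the Phemedrone campaign). The INI layout with an [InternetShortcut] section
# and a URL= key is the documented Internet Shortcut format.
SAMPLE_SHORTCUTS = {
    "weekly_report.url": "[InternetShortcut]\nURL=https://intranet.example.test/reports/week02\n",
    "invoice_view.url": "[InternetShortcut]\nURL=file://203.0.113.10/share/invoice.exe\nIconIndex=3\n",
    "notes.url": "[InternetShortcut]\nURL=\\\\203.0.113.10\\share\\notes.lnk\n",
    "broken.url": "just some text, no section header\n",
}

# Assumption of this example: only plain web schemes are treated as benign targets.
ALLOWED_SCHEMES = {"http", "https"}


def parse_url_shortcut(text):
    """Return the URL= target of an Internet Shortcut, or None if malformed."""
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
    except configparser.Error:
        # Missing section header, duplicate keys, etc.: treat as malformed.
        return None
    if not cp.has_section("InternetShortcut"):
        return None
    # Option names are case-insensitive in configparser, so URL= and url= both match.
    return cp.get("InternetShortcut", "URL", fallback=None)


def classify_target(target):
    """Classify a shortcut target as web, local-file, remote-file, unc, other or malformed."""
    if target is None:
        return "malformed"
    stripped = target.strip()
    if stripped.startswith("\\\\"):
        # A bare UNC path: the shortcut resolves to a network share, not a web page.
        return "unc"
    parsed = urlparse(stripped)
    scheme = parsed.scheme.lower()
    if scheme in ALLOWED_SCHEMES:
        return "web"
    if scheme == "file":
        # file:// with a host component fetches from a remote machine.
        return "remote-file" if parsed.netloc else "local-file"
    return "other"


def triage(shortcuts):
    """Map each shortcut name to 'ok' or 'review (<kind>)' for an analyst to look at."""
    verdicts = {}
    for name, text in shortcuts.items():
        kind = classify_target(parse_url_shortcut(text))
        verdicts[name] = "ok" if kind == "web" else f"review ({kind})"
    return verdicts


def scan_directory(root):
    """Read every *.url file under root (case-insensitive) and triage it."""
    found = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".url":
            found[str(path)] = path.read_text(encoding="utf-8", errors="replace")
    return triage(found)


if __name__ == "__main__":
    # Run over the constructed samples; pass a directory to scan_directory() for real use.
    for name, verdict in triage(SAMPLE_SHORTCUTS).items():
        print(f"{name:20s} {verdict}")
```

On a live host, `scan_directory` over user Downloads and Desktop folders is a reasonable place to start; anything reported as `review` should be correlated with the host's patch state for CVE-2023-36025 and with SmartScreen/Defender logs rather than judged on the path alone.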
Although Microsoft patched the vulnerability in mid-November 2023, reports indicate that attackers are actively searching for devices that have not applied the fix. Cybersecurity experts strongly recommend that all Windows users ensure their systems are up to date with the latest patches. In response to evidence of in-the-wild exploitation, the Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
The report also notes that since the vulnerability was disclosed, a growing number of malware campaigns, including the one distributing Phemedrone Stealer, have integrated the exploit into their attack chains.
With cyber threats growing more sophisticated, individuals and organizations need to remain vigilant, keep their security software updated, and exercise caution when interacting with unfamiliar or suspicious links and shortcut files. By staying informed and adopting sound cybersecurity practices, users can protect themselves against emerging threats like Phemedrone Stealer and similar malware.