Security BUZZ - Beware of This New Virus That Can Steal Your Personal Data

  • 1.  Security BUZZ - Beware of This New Virus That Can Steal Your Personal Data

    Posted 02-02-2024 09:07

    Do you use Telegram, Discord, or other popular apps? If yes, you need to be careful. A new virus called "Phemedrone Stealer" can take your personal data from your web browsers and messaging apps. This virus can get your passwords, cookies, credit cards, and even your digital money. It can also see what you are doing on your computer and where you are.

    This malware takes advantage of a vulnerability in Windows Defender SmartScreen, the built-in antivirus tool in Windows. The feature alerts the user before running files from unknown sources. Although Microsoft fixed this weakness in November 2023, some people may still need to update their systems.

    The virus used files stored on Discord or other online services to deceive people into running them. These files would then download and run another file that served as the loader for the virus. The loader used various tactics to conceal its activities, such as changing the names of the files, encrypting the data, and loading the files differently. It also created a task that initiated the virus every time the computer started. The loader then executed the final part of the virus, which was hidden in a file called secure.pdf. Once fully installed, the malware began by setting up its configuration and connecting to Telegram, which it used to transmit the data to the hackers. It then collected and compressed the data from the targeted apps and services and sent it to the hackers as a document.

    To avoid becoming a victim of this virus, you should follow these steps:

    • Update your Windows system to the latest version and install all security updates. This will fix the CVE-2023-36025 weakness and stop the virus from using it.
    • Don't open or run files from unknown or suspicious sources, especially if they have the .url or .cpl extension. The virus uses these file types to avoid the SmartScreen protection.
    • Use good antivirus software to find and block harmful files and activities.
    • Be careful about what data you store or share on your web browsers and messaging apps. Use strong and different passwords, turn on two-factor authentication, and clear your cookies and browsing history often. Also, back up your important files and digital money to a safe place.

    Existing malware continues to evolve to find new points of entry and exploit weaknesses in operating systems. This story demonstrates how quickly and easily hackers can change and improve their methods using public tools and information.

    #ALTACyber



    ------------------------------
    Genady Vishnevetsky
    Chief Info Security Officer
    Stewart Title Guaranty Company
    Houston TX
    ------------------------------
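
The post's advice to be wary of .url and .cpl files can be turned into a quick triage check. The following is an added example, not part of the original post: it parses Windows Internet Shortcut (.url) files and reports the ones whose target deserves a closer look. The heuristics (a target ending in one of the two extensions the post names, or a scheme other than http/https) and all function names are assumptions of this example, not signatures published for this malware.

```python
import configparser
from pathlib import Path, PurePosixPath
from urllib.parse import unquote, urlparse

FLAGGED_EXTS = {".url", ".cpl"}   # the two extensions the post names
WEB_SCHEMES = {"http", "https"}   # assumption: ordinary bookmarks use these

def shortcut_target(text):
    """Return the URL= value of the [InternetShortcut] section, or None."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(text)
    except configparser.Error:    # no section header, broken syntax, ...
        return None
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser[section].get("url")   # option names are lower-cased
    return None

def assess(text):
    """Return the reasons a shortcut should be reviewed (empty list = none)."""
    target = shortcut_target(text)
    if not target:
        return ["no readable URL= entry"]
    try:
        parsed = urlparse(target.strip())
    except ValueError:
        return ["unparseable URL= value"]
    reasons = []
    ext = PurePosixPath(unquote(parsed.path)).suffix.lower()
    if ext in FLAGGED_EXTS:
        reasons.append(f"target is a {ext} file")
    if parsed.scheme.lower() not in WEB_SCHEMES:
        reasons.append(f"non-web scheme '{parsed.scheme}'")
    return reasons

def scan(folder):
    """Map each flagged .url file under folder to its list of reasons."""
    hits = {}
    for path in Path(folder).rglob("*"):
        if path.is_file() and path.suffix.lower() == ".url":
            reasons = assess(path.read_text(encoding="utf-8-sig", errors="replace"))
            if reasons:
                hits[str(path)] = reasons
    return hits

# Constructed samples (example.test is a reserved placeholder domain)
BOOKMARK = "[InternetShortcut]\nURL=https://example.test/news\n"
SUSPECT = "[InternetShortcut]\nURL=https://example.test/files/panel.cpl\n"
```

Calling `scan()` on a downloads or attachments folder returns only the shortcuts that matched; a hit is a prompt for review, not proof of infection.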