Prevention is better and I avoid clicking on strange links or shortened links.
If you are curious, you can check shortened links with
https://checkshorturl.com/
https://unshorten.it/
https://linkunshorten.com/
https://urlex.org/
https://redirectdetective.com/
Topic: Phemedrone Stealer targeting crypto wallets, do not click URL shorteners - page 2. (Read 196 times)
January 18, 2024, 09:39:05 AM
January 18, 2024, 09:01:34 AM
A known malware, called Phemedrone Stealer is on the circulation right now and trying to take advantage and exploited CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability.
The targets are cryptocurrency wallets:
So the leverage here is that the criminals are going to hosts malicious internet shortcut files on Discord or other cloud services such as FileTransfer.io. And so once we click that shortcut files, it will connect to a controlled server by the hackers and then execute control panel item (.cpl) file. However, Microsoft Windows Defender should warn us about this shortcut url and what it will execute, but attackers also crafted a shortcut URL to evade everything.
We've seen a lot of shortcut files recently, and I suggest not to click anything specially from unknown source as we might be the next victims and then this criminals draining our wallets.
(https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html)
The targets are cryptocurrency wallets:
- Armory
- Atomic
- Bytecoin
- Coinomi
- Jaxx
- Electrum
- Exodus
- Guarda
So the leverage here is that the criminals are going to hosts malicious internet shortcut files on Discord or other cloud services such as FileTransfer.io. And so once we click that shortcut files, it will connect to a controlled server by the hackers and then execute control panel item (.cpl) file. However, Microsoft Windows Defender should warn us about this shortcut url and what it will execute, but attackers also crafted a shortcut URL to evade everything.
We've seen a lot of shortcut files recently, and I suggest not to click anything specially from unknown source as we might be the next victims and then this criminals draining our wallets.
(https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html)
Jump to: