Pages:
Author

Topic: Phemedrone Stealer targeting crypto wallets, do not click URL shorteners - page 2. (Read 258 times)

sr. member
Activity: 854
Merit: 424
I stand with Ukraine!
Prevention is better and I avoid clicking on strange links or shortened links.

If you are curious, you can check shortened links with
https://checkshorturl.com/
https://unshorten.it/
https://linkunshorten.com/
https://urlex.org/
https://redirectdetective.com/
hero member
Activity: 2842
Merit: 772
A known malware, called Phemedrone Stealer is on the circulation right now and trying to take advantage and exploited CVE-2023-36025, the Windows Defender SmartScreen Bypass vulnerability.

The targets are cryptocurrency wallets:

  • Armory
  • Atomic
  • Bytecoin
  • Coinomi
  • Jaxx
  • Electrum
  • Exodus
  • Guarda




So the leverage here is that the criminals are going to hosts malicious internet shortcut files on Discord or other cloud services such as FileTransfer.io. And so once we click that shortcut files, it will connect to a controlled server by the hackers and then execute control panel item (.cpl) file. However, Microsoft Windows Defender should warn us about this shortcut url and what it will execute, but attackers also crafted a shortcut URL to evade everything.

We've seen a lot of shortcut files recently, and I suggest not to click anything specially from unknown source as we might be the next victims and then this criminals draining our wallets.

(https://www.trendmicro.com/en_us/research/24/a/cve-2023-36025-exploited-for-defense-evasion-in-phemedrone-steal.html)
Pages:
Jump to: