Increase In The Exploitation Of Microsoft SmartScreen Vulnerability CVE-2024-21412

July 11, 2024, 1:36 p.m.

Description

Cyble analyzes an ongoing campaign exploiting a Microsoft SmartScreen vulnerability to deliver stealers through spam emails. The campaign employs lures related to healthcare, transportation, and tax notices to trick users into downloading malicious payloads. It utilizes techniques like DLL sideloading and IDATLoader to inject the final payload. The malicious activity culminates in the deployment of Lumma and Meduza Stealer for data theft.

Date

Published: July 11, 2024, 1:12 p.m.
Created: July 11, 2024, 1:12 p.m.
Modified: July 11, 2024, 1:36 p.m.

Indicators

Attack Patterns

Meduza Stealer

Lumma

T1218.005

T1574.002

T1566.002

T1071

T1055

T1036

T1027

T1190

T1059

Additional Information

Australia

Spain

United States of America