Malware Deployed via Windows SmartScreen Exploit

Attacks exploiting the already patched Windows Defender SmartScreen flaw, tracked as CVE-2024-21412, continue to be launched by threat actors looking to stealthily distribute malware with credential theft, backdoor access, activity monitoring, and remote keylogging capabilities, according to SC Media.

Threat actors have been facilitating compromise not only through obscured executables and DLL sideloading techniques but also via open redirect links that send victims to breached web servers hosting the exploit, an analysis from Fortinet revealed.

However, phishing remains the most prevalent initial vector for the threat, said Fortinet Global Security Strategist Aamir Lakhani.

"Exploiting this vulnerability begins with phishing emails containing malicious links. These emails use lures related to healthcare insurance schemes, transportation notices, and tax-related communications to deceive individuals and organizations," said Lakhani. Organizations have been urged to defend their networks by ensuring their Windows implementations are up to date and by exercising increased vigilance toward unwanted emails and attachments.