HomeWinBuzzer NewsWindows Defender SmartScreen Vulnerability CVE-2023-36025 Bypassed by Phemedrone Stealer

Windows Defender SmartScreen Vulnerability CVE-2023-36025 Bypassed by Phemedrone Stealer

New virus "Phemedrone Stealer" targets unpatched Windows machines, stealing data from browsers, wallets, and more.


Researchers at Trend Micro have identified a novel malware strain, Phemedrone Stealer, which exploits a vulnerability in Windows Defender SmartScreen previously addressed by . The CVE-2023-36025 vulnerability, despite having been patched on November 14, is being leveraged by cybercriminals using Phemedrone Stealer to acquire sensitive information from unsuspecting users.

Infection Mechanism

The malware, which targets a variety of software products including browsers, file managers, and communication platforms, infects systems through specifically crafted .url files. These files, once opened, download and execute malicious scripts that successfully bypass the protective measures of SmartScreen. This enables the malware to operate stealthily without triggering any security warnings which usually alert users to potential threats.

Once the malware circumvents detection mechanisms, it proceeds to download its payload and secures a permanent foothold within the target system. From there, Phemedrone Stealer begins its primary operation: an extensive search and data exfiltration process involving a multitude of specific file types and sensitive information including system details and screenshots.

Data Exfiltration Tactics

The culprits behind Phemedrone Stealer employ Telegram's API to transfer collected data. The stolen information, which encompasses comprehensive system details such as geolocation and other personal data, is meticulously gathered from like or . The first piece of data sent is system information followed by a ZIP file containing all the plundered data, which is meticulously compressed for convenience.

Keeping systems updated with the latest security patches is essential to ward off attacks from malware like Phemedrone Stealer. With Microsoft's prompt response to the CVE-2023-36025 vulnerability, users who apply these updates in a timely manner substantially reduce their risk of compromise from this specific vector. However, vigilance and good practices remain paramount as continually seek new ways to exploit even the most minor weaknesses.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News