BleepingComputer reports that attacks leveraging an already patched Windows Defender SmartScreen vulnerability, tracked as CVE-2024-21412, have been launched to facilitate DarkGate malware distribution.
Threat actors behind the campaign have sent malicious emails with a PDF attachment containing a link that redirects to a breached web server hosting an internet shortcut file, a report from Trend Micro researchers revealed. Opening the shortcut file triggers another shortcut file on an attacker-controlled server and begins exploitation of the SmartScreen issue to execute malicious MSI files spoofing legitimate Nvidia and Notion software, as well as the iTunes app, which eventually leads to DarkGate deployment, according to the report. Aside from enabling data exfiltration and additional payload retrieval, DarkGate also allows keylogging, payload injection, and real-time remote access. Organizations have been urged to immediately implement the Patch Tuesday update issued by Microsoft last month to prevent attacks exploiting the security flaw.
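The chain described above depends on one internet shortcut pointing at a second shortcut on another server, which a defender can look for in mail attachments or download folders. The following triage sketch is an added example, not code from the Trend Micro report or from BleepingComputer. The sample file contents and host names are constructed, and treating `file://` and UNC targets as the "remote" forms is an assumption.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample shortcut contents; hosts are placeholders, not IoCs from the report.
SAMPLES = {
    "invoice.url": "[InternetShortcut]\nURL=file://files.example.net/share/next.url\n",
    "docs.url": "[InternetShortcut]\nURL=https://www.example.com/docs/index.html\n",
    "unc.url": "[InternetShortcut]\nURL=\\\\files.example.net\\share\\setup.URL\nIconIndex=0\n",
    "local.url": "[InternetShortcut]\nURL=file:///C:/Users/a/notes.url\n",
    "broken.url": "no section header here\n",
}

def shortcut_target(text):
    """Return the URL= value of an Internet Shortcut, or None if absent or malformed."""
    parser = configparser.RawConfigParser(strict=False)
    try:
        parser.read_string(text)
        return parser.get("InternetShortcut", "URL").strip()
    except configparser.Error:
        # Covers a missing section header, a missing section and a missing URL key.
        return None

def points_to_remote_shortcut(target):
    """True when the target is itself a .url file hosted on another machine."""
    if not target:
        return False
    if target.startswith("\\\\"):
        # UNC form: \\host\share\...\file
        parts = target[2:].split("\\")
        host = parts[0]
        path = parts[-1] if len(parts) > 2 else ""
    else:
        parsed = urlparse(target)
        host, path = parsed.netloc, parsed.path
    # An empty host means a local file (file:///C:/...), which is not a remote hop.
    return bool(host) and path.lower().endswith(".url")

def triage(shortcuts):
    """Return the names of shortcuts that chain to a remote shortcut, sorted."""
    return sorted(
        name for name, text in shortcuts.items()
        if points_to_remote_shortcut(shortcut_target(text))
    )

if __name__ == "__main__":
    for name in triage(SAMPLES):
        print(f"review: {name} -> {shortcut_target(SAMPLES[name])}")
```

A hit is a reason to review the file, not proof of compromise; the check complements the Patch Tuesday update and does not replace it.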