BleepingComputer reports that attacks exploiting a new Windows Defender zero-day flaw, tracked as CVE-2024-21412, have been conducted by the Water Hydra threat operation, also known as DarkCasino, against foreign exchange traders on New Year's Eve to facilitate the distribution of the DarkMe remote access trojan.
Water Hydra leveraged the vulnerability, which Microsoft addressed in this month's Patch Tuesday alongside another Windows SmartScreen zero-day, tracked as CVE-2024-21351, to bypass Windows Defender SmartScreen and infiltrate foreign exchange trading forums and Telegram channels, a report from Trend Micro revealed. The attackers also employed social engineering tactics to lure traders into downloading the malware.
This development comes nearly a year after Water Hydra began exploiting a high-severity WinRAR zero-day, tracked as CVE-2023-38831, in attacks against trading accounts. Russian, Chinese, and North Korean state-sponsored threat operations, including Sandworm, APT40, and Konni, have also used the WinRAR flaw in their respective attack campaigns.