Network Security, Threat Intelligence, Malware

Windows MSHTML spoofing bug leveraged in Void Banshee attacks

Share
Privacy concept: pixelated words Malware on digital background, 3d render

BleepingComputer reports that information-stealing malware attacks have been conducted by advanced persistent threat operation Void Banshee through the exploitation of the recently addressed Windows MSHTML spoofing zero-day vulnerability, tracked as CVE-2024-43461.

Void Banshee leveraged the flaw, which could allow arbitrary code execution through malicious webpages or files, to distribute malicious PDF-spoofing HTA files whose extensions were concealed via 26 encoded braille whitespace characters, which contained the infostealing payloads, according to Trend Micro Zero Day Initiative threat researcher Peter Girnus, who discovered and reported the issue.

Such a development — which comes as Microsoft confirmed its exploitation alongside another MSHTML spoofing issue, tracked as CVE-2024-38112, before July — has prompted the inclusion of CVE-2024-43461 in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. Federal agencies have been urged to remediate the flaw by Oct. 7.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," said CISA.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.