BleepingComputer reports that information-stealing malware attacks have been conducted by advanced persistent threat operation Void Banshee through the exploitation of the recently addressed Windows MSHTML spoofing zero-day vulnerability, tracked as CVE-2024-43461.
Void Banshee leveraged the flaw, which could allow arbitrary code execution through malicious webpages or files, to distribute malicious PDF-spoofing HTA files whose extensions were concealed via 26 encoded braille whitespace characters, which contained the infostealing payloads, according to Trend Micro Zero Day Initiative threat researcher Peter Girnus, who discovered and reported the issue.
Such a development — which comes as Microsoft confirmed its exploitation alongside another MSHTML spoofing issue, tracked as CVE-2024-38112, before July — has prompted the inclusion of CVE-2024-43461 in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. Federal agencies have been urged to remediate the flaw by Oct. 7.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," said CISA.