Hackers are using this Windows flaw to steal your data — update your PC right now
You won’t see any security prompts when you’re about to open a dangerous file
Hackers are always looking for clever ways to get around the best antivirus software so that they can successfully deliver malware, and now it appears they’ve figured out how to bypass one of the security mechanisms built into Windows Defender.
As reported by BleepingComputer, a new campaign spreading the Phemedrone info-stealing malware is exploiting a high-severity vulnerability (tracked as CVE-2023-36025) in Windows SmartScreen.
Even though you may not have heard of Windows SmartScreen before, you’re more than likely familiar with the feature. You see, when you download URL files online, there’s usually a security warning that pops up to let you know that these types of files may be dangerous. However, by exploiting this vulnerability in Windows SmartScreen, hackers can turn these prompts off entirely, resulting in more users opening their malicious files.
If you’re worried about accidentally downloading a dangerous file and infecting your own PC with malware, here’s everything you need to know about this new campaign along with some tips to help keep you safe online.
Bypassing SmartScreen to install malware
According to a new report from Trend Micro, other malware families in addition to Phemedrone have been abusing this Windows SmartScreen vulnerability to trick unsuspecting users into opening dangerous files.
One of the ways in which the hackers behind this and similar campaigns make their malicious files look less dangerous is by hosting them on trustworthy cloud services such as Discord or FileTransfer.io. They also use URL shortener services to further disguise them.
After one of these malicious URL files is opened, it then downloads a control panel item (.cpl) file from a command-and-control (C&C) server run by the hackers behind this campaign. This is used to launch a PowerShell loader that fetches a malicious ZIP file that contains the Phemedrone malware disguised as a PDF file labeled “Secure.pdf.”
Once the Phemedrone malware is installed on a victim’s PC, it can harvest passwords, cookies and autofill data from Chromium-based browsers as well as a few of the best password managers including LastPass and KeePass. However, it can also steal funds from crypto wallets as well as files and folders stored on a victim’s PC.
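A defender-side check for the first stage described above, added here as an example and not code from Trend Micro, BleepingComputer or Tom's Guide: it parses Internet Shortcut (.url) files and flags any whose target ends in .cpl. The extra extensions, the non-http(s) check, the function names and the sample shortcuts are assumptions constructed for this example.

```python
import configparser
import posixpath
from pathlib import Path
from urllib.parse import urlparse

# ".cpl" is the payload type named in the article; the other extensions are an
# assumption added for this example, not a list from the article.
RISKY_EXTENSIONS = {".cpl", ".exe", ".dll", ".msi", ".ps1", ".vbs", ".hta"}


def shortcut_target(text):
    """Return the URL= value from a .url file's [InternetShortcut] section."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error:
        return None
    for section in parser.sections():
        if section.lower() == "internetshortcut":
            return parser.get(section, "url", fallback=None)
    return None


def assess_shortcut(text):
    """Return the reasons a shortcut deserves review (empty list = none)."""
    target = shortcut_target(text)
    if not target:
        return ["no URL entry found"]
    reasons = []
    parsed = urlparse(target.strip())
    if parsed.scheme.lower() not in ("http", "https"):
        reasons.append("target is not an http(s) web link")
    extension = posixpath.splitext(parsed.path.lower())[1]
    if extension in RISKY_EXTENSIONS:
        reasons.append(f"target ends in {extension}")
    return reasons


def scan_directory(root):
    """Map each flagged .url file under root to its list of reasons."""
    findings = {}
    for path in Path(root).rglob("*.url"):
        reasons = assess_shortcut(path.read_text(errors="replace"))
        if reasons:
            findings[str(path)] = reasons
    return findings


# Constructed samples (example.test is a reserved test domain).
BENIGN = "[InternetShortcut]\nURL=https://www.example.test/docs/\n"
SUSPECT = "[InternetShortcut]\nURL=https://files.example.test/dl/invoice.cpl\nIconIndex=0\n"
```

Pointing `scan_directory` at a downloads folder or a mail-attachment quarantine returns only the shortcuts worth a closer look, with the reason for each.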
How to stay safe from Windows malware
SmartScreen has already been patched. This means that updating your PC with the latest Windows security updates should be enough to keep you safe from any attacks exploiting this high-severity flaw.
Like they often do, hackers love to prey on users that have yet to update the best laptops and the best computers with the latest software. Even though it may seem annoying at times, installing updates from Microsoft as soon as they become available is one of the easiest ways to stay safe from hackers and other cybercriminals.
Since attacks like the one described above are able to bypass the best Windows antivirus software, it’s up to you to avoid downloading and trying to open potentially dangerous files. If you don’t pirate games or movies, you’re already off to a good start since a lot of malware is spread this way. Likewise though, you also want to be extra careful when downloading files from colleagues, friends and even your family. This is because hackers may have compromised their accounts and may be trying to use their contacts as a means to spread their malicious payloads even further.
For this reason, you want to stick to downloading files from trusted sites and sources, as Google, Microsoft and other tech giants frequently scan files stored on the best cloud storage services for malware and other threats.
While the flaw in Windows SmartScreen may have been fixed, this likely isn’t the last we’ve seen of it as hackers will probably continue to exploit this vulnerability in their attacks even though it has already been patched.

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.
