This devious malware looked to exploit braille characters to breach Windows security flaws

The Windows operating system (OS) had a vulnerability that allowed people to hide a file’s true extension, which hackers were able to use and distribute files that looked like .PDF documents, but were in fact weaponized .HTA files.

In the most recent Patch Tuesday cumulative update, Microsoft addressed a flaw described as “Windows MSHTML spoofing vulnerability”, and tracked as CVE-2024-43461. This flaw was apparently used by a threat actor known as Void Banshee to deploy the Atlantida infostealer.

In the attack, the crooks would first create a malicious .HTA file. An .HTA file stands for HTML Application, and it is a file type that allows HTML to be executed as a standalone application. Unlike typical web pages that run in a browser, .HTA files are executed with more privileges, similar to desktop applications, and can access system resources.

Atlantida infostealer

Then, they would abuse the vulnerability to add twenty-six repeated encoded braille whitespace characters to the file’s name. That way, when a user views a file on their computer, the actual file type would be hidden, tricking the victim into believing they were looking at a .PDF file, instead. Running the file would install the Atlantida infostealer, which would pick up and exfiltrate sensitive data, login information, and more.

Deploying the .HTA file to the device was done through a weaponized shortcut file (.URL). This file was most likely delivered with phishing, or social engineering.

“Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL,” Check Point Research explained in a recent paper, BleepingComputer reports.

The bug was fixed with the latest Patch Tuesday update. Now, when a user tries to open the .HTA file, the actual file type will not remain hidden. However, it will still be pushed to the right, thanks to multiple braille whitespace characters, which might still confuse some people.

More from TechRadar Pro

https://cdn.mos.cms.futurecdn.net/exjZtnyH8bykMKrG4TDthC-1200-80.jpg

Source link

Top 10 SEO Project Management Templates (Free & Paid)

9 Marketing Plan Templates You Can (Legally) Steal for Free

Are Ghost Calls a Problem? Yes, if They Don’t Stop

Qualcomm’s AI Conductor wants to harmonize your schedule and, maybe, your life

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

This devious malware looked to exploit braille characters to breach Windows security flaws

Top 10 SEO Project Management Templates (Free & Paid)

9 Marketing Plan Templates You Can (Legally) Steal for Free

Are Ghost Calls a Problem? Yes, if They Don’t Stop

Qualcomm’s AI Conductor wants to harmonize your schedule and, maybe, your life

Leave a reply Cancel reply