Malware News Infected ads used IE leak for 'zero-click' malware infection

nicolaasjan

Translated:

Attackers have recently used compromised advertisements to infect Windows users with malware without any interaction. A vulnerability in Internet Explorer (IE) was used. Last August, Microsoft released updates for the vulnerability (CVE-2024-38178), which was actively exploited before the patches were released. This was reported by antivirus company AhnLab and the South Korean National Cyber Security Center (NCSC).
Internet Explorer is disabled in Windows, but is still present in the operating system. Applications can also still use Internet Explorer. The attackers targeted a specific advertising program that is installed with all kinds of free software and shows all kinds of advertisements. This advertising program uses an IE-based WebView to display advertisements.
Vulnerabilities in Internet Explorer can be exploited via such a WebView. The attackers took advantage of this by compromising a South Korean advertising company to distribute infected advertisements. These advertisements were automatically displayed via the vulnerable advertising program, where the malicious code in the advertisements was automatically executed thanks to the IE leak. No interaction from victims was required.
The infected advertisements installed the RokRAT malware, which steals various files from the system and sends them back to the attackers. The malware also stores keystrokes, monitors the clipboard and takes screenshots. According to South Korean authorities and AhnLab, the attack is the work of a North Korean group called ScarCruft and APT37.
 

Gandalf_The_Grey

The same news on BleepingComputer:
Despite Microsoft announcing Internet Explorer's retirement in mid-2022, many of the browser's components remain in Windows or are used by third-party software, allowing threat actors to discover new vulnerabilities for use in attacks.

This may be happening without the users even realizing they're on outdated software that can be easily exploited for zero-click attacks, laying the ground for mass-scale exploitation by knowledgeable threat actors.

What makes this worse is that even though Microsoft fixed this particular Internet Explorer flaw in August, it does not guarantee that it will be adopted immediately by tools using older components. Therefore, free software using outdated Internet Explorer components continues to put users at risk.

BleepingComputer asked ASEC about the number of impacted users and the name of the exploited free software, and we will update you with more information once available.
 
