In March 2024, eSentire's Threat Response Unit (TRU) discovered multiple instances of D3F@ck Loader infections being propagated via Google Ads. This new loader, which debuted on hacking forums in January 2024 (Figure 1), allegedly bypasses several key security controls: download warnings in Google Chrome and Edge, Windows Defender alerts, and SmartScreen.
(...)
Consequently, many security products and application control policies are more inclined to trust programs signed with an EV certificate. For instance, Microsoft's SmartScreen filter, used by Windows and other Microsoft products, evaluates the reputation of a downloaded executable when the user runs it.
Files signed with an EV certificate typically establish a trustworthy reputation faster than those signed with standard (OV) certificates or left unsigned. This is the advantage the loader's authors exploit: an EV-signed executable is far less likely to trigger a SmartScreen warning than an unsigned one.
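Because SmartScreen weighs the signer and only screens files carrying Mark-of-the-Web, a useful first triage step on a suspicious download is to pull exactly those inputs: signature status, signer and issuer, whether the leaf certificate asserts the CA/Browser Forum EV code-signing policy OID (2.23.140.1.3), and the file's Zone.Identifier. The PowerShell below is an added example for that check; it is not code from the eSentire post or from the loader itself, and the function name and the Downloads-folder sweep are the example's own choices.

```powershell
# Added example (not from the original post): summarise the facts SmartScreen
# weighs for a downloaded PE. Function name Get-SignerTriage is hypothetical.
function Get-SignerTriage {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate

    # Mark-of-the-Web lives in the Zone.Identifier alternate data stream.
    # ZoneId=3 means "Internet"; without the stream SmartScreen does not screen the file.
    $motw   = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $zoneId = $motw |
        Select-String -Pattern '^ZoneId=(\d)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value } |
        Select-Object -First 1

    $policies = @()
    $isEV     = $false
    $subject  = $null
    $issuer   = $null
    $notBefore = $null

    if ($cert) {
        $subject   = $cert.Subject
        $issuer    = $cert.Issuer
        $notBefore = $cert.NotBefore

        # Certificate Policies extension (OID 2.5.29.32) carries the policy OIDs;
        # EV code-signing certificates assert 2.23.140.1.3 there.
        $ext = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
        if ($ext) {
            $text     = $ext.Format($true)   # multi-line text dump of the extension
            $policies = [regex]::Matches($text, '\d+(\.\d+){3,}') |
                ForEach-Object { $_.Value } |
                Sort-Object -Unique
            $isEV = $policies -contains '2.23.140.1.3'
        }
    }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status        # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer     = $subject
        Issuer     = $issuer
        NotBefore  = $notBefore         # a very recent NotBefore on an EV cert is worth a look
        PolicyOIDs = ($policies -join ', ')
        EVCodeSign = $isEV
        ZoneId     = $zoneId            # 3 = Internet; empty = no MOTW, SmartScreen skipped
    }
}

# Sweep the current user's Downloads folder (path is the example's assumption).
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    ForEach-Object { Get-SignerTriage -Path $_.FullName } |
    Format-Table -AutoSize
```

The script does not query Microsoft's reputation service; it only surfaces what that service is fed. A file that reports Status Valid, EVCodeSign True and ZoneId 3 is precisely the case the post describes: SmartScreen will see a trusted signer and, once reputation accrues, let it run without a warning, so the signer subject, issuer and NotBefore date are the fields to pivot on rather than the signature validity itself.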