Microsoft SmartScreen Flaw Used for Covert Stealer Deliveries

Threat Level – Red | Attack Report

An active campaign exploiting the Microsoft SmartScreen vulnerability CVE-2024-21412 has been discovered. Threat actors have leveraged this vulnerability to bypass Microsoft Defender SmartScreen and deploy payloads on victims’ systems. The attack chain uses several script files, including PowerShell and JavaScript, to deliver the final payload. This multi-stage process culminates in the deployment of malicious payloads like Lumma and Meduza Stealer, both of which focus on collecting sensitive information from the victim’s machine.
