Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
Essential information
- Published: 24/07/2024 08:02
- Modified: 24/07/2024 08:16
- Tags: 2024-07-24 CVE-2024-21412 acr stealer evasion injection malware meduza stealer pdf stealer windows
- Related entities: 1 vulnerabilities (cve), 27 observables, 16 techniques (mitre), 2 malware
Description
This report details a malicious campaign exploiting the CVE-2024-21412 vulnerability in Microsoft Windows SmartScreen to bypass security warnings and deliver malware. Attackers use crafted links, LNK files, and HTA scripts to download decoy PDFs and shellcode injectors, ultimately injecting stealers such as Meduza and ACR into legitimate processes. The campaign targets various regions and uses different techniques to evade detection, posing a significant threat to affected systems.