CVE-2024-21412

Vulnerability updated 5 months ago (2024-05-04T20:18:07.089Z)
CVE-2024-21412 is a security feature bypass vulnerability in the Microsoft Windows Internet Shortcut SmartScreen. The flaw, which was exploited as a zero-day, allows attackers to bypass the SmartScreen feature that typically warns users about running unrecognized apps and files from the internet.

This vulnerability was actively exploited by two groups, one of them being the financially motivated advanced group Water Hydra (also known as DarkCasino), who targeted financial market traders. This vulnerability has been exploited through social engineering methods such as email and direct messages, requiring some form of user interaction for successful exploitation.

The flaw was initially discovered by researchers who also uncovered a similar zero-day bug (CVE-2024-21412) used in a DarkGate campaign impersonating popular brands like Apple iTunes. This similarity indicates a pattern of exploiting vulnerabilities within the SmartScreen feature, making it a critical area for future security enhancements.

Microsoft addressed this issue with a patch, CVE-2024-29988, credited to the same researchers who initially disclosed the flaw. However, given the active exploitation of these vulnerabilities and their potential impact on users, it is essential for all users to apply the necessary patches promptly and remain vigilant against social engineering attempts. Furthermore, businesses and individuals should ensure they have robust security measures in place to protect against such threats.
Description last updated: 2024-05-04T19:36:54.616Z
Aliases: We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Vulnerability
Microsoft
Exploit
Windows
Malware
Zero Day
Associated Malware
Description: The Darkgate Malware is associated with CVE-2024-21412. DarkGate is a multifunctional malware known for its capabilities in information and credential stealing, cryptocurrency theft, and ransomware delivery. A recent campaign has seen it exploit a zero-day vulnerability in Microsoft Windows, allowing it to infiltrate systems undetected. DarkGate can be d
Association Type: Unspecified
Votes: 4
Associated Threat Actors
Description: The Water Hydra Threat Actor is associated with CVE-2024-21412. Water Hydra, also known as DarkCasino, is a threat actor group that has been exploiting the Windows SmartScreen vulnerability CVE-2024-21412 since mid-January 2024. This group has demonstrated a sophisticated attack chain, using this zero-day exploit to bypass Microsoft Defender SmartScreen and infe
Association Type: Unspecified
Votes: 7

Description: The Darkme Threat Actor is associated with CVE-2024-21412. DarkMe is a threat actor group, also known as DarkCasino or Water Hydra, that has been actively executing large-scale cyberattacks since 2022. The group primarily uses a Visual Basic spy Trojan, also named DarkMe, in its operations. This Trojan was developed by the group in 2021 and has been continu
Association Type: Unspecified
Votes: 3

Description: The Darkcasino Threat Actor is associated with CVE-2024-21412. DarkCasino is a threat actor that has recently emerged in the cybersecurity landscape. As a malicious entity, it's responsible for executing actions with potentially harmful intent. The nature of such entities can range from individual hackers to more organized groups affiliated with private compani
Association Type: Unspecified
Votes: 3
Source Document References
Information about the CVE-2024-21412 Vulnerability was read from the documents corpus below. This display is limited to 20 results.
Source (created at):
Securityaffairs (2 months ago)
Securityaffairs (2 months ago)
Canadian Centre for Cyber Security (8 months ago)
DARKReading (3 months ago)
Securelist (5 months ago)
InfoSecurity-magazine (6 months ago)
DARKReading (6 months ago)
Krebs on Security (6 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
Securityaffairs (7 months ago)
BankInfoSecurity (7 months ago)
CERT-EU (7 months ago)
DARKReading (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)
CERT-EU (7 months ago)