Phemedrone

Malware updated a month ago (2024-08-14T09:33:12.539Z)
Phemedrone is an information stealer that targets Windows systems. Like most commodity stealers it arrives through malicious downloads, phishing e-mail attachments and links, and look-alike or compromised websites, usually without the user noticing. Once running it harvests data from the host, such as browser-stored credentials and session data, cryptocurrency wallets and messaging-application data, and sends it to the operator; reporting on this family describes exfiltration over Telegram, and the associations listed below (Telegram, Discord) reflect that. The campaign covered by Security Affairs (see the source documents below) used a Windows SmartScreen bypass, CVE-2023-36025, for delivery. SmartScreen is the component that warns the user before a file carrying the Mark of the Web (downloaded from the Internet) is opened; CVE-2023-36025 allowed a crafted Internet Shortcut (.url) file to open its target without that warning, so the victim saw no prompt before the stealer's loader ran. Microsoft patched the flaw in the November 2023 security updates and exploitation in the wild has been reported, so installing that update is the primary mitigation. Beyond patching, treat .url attachments and downloads with suspicion, alert on shortcut files whose target lives on a remote share, and keep the usual caution with attachments from unknown senders and unverified download sites, since these remain the common infection vectors.
Description last updated: 2024-08-14T08:49:15.494Z
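The delivery vector described above is a .url file whose target is an executable on a remote share, opened without the SmartScreen prompt. The following triage script is an added illustration for this profile, not Phemedrone code and not taken from any of the reports listed below: it parses the documented .url format ([InternetShortcut] section, URL= key) and applies heuristics that are the editor's own assumptions, on constructed sample shortcuts (192.0.2.10 is a documentation-only address).

```python
"""Triage Windows Internet Shortcut (.url) files for the delivery pattern tied to
CVE-2023-36025 (SmartScreen bypass): a shortcut whose target is an executable
on a remote share.

Added illustration for this malware profile. Not Phemedrone code and not taken
from the referenced reports; the heuristics, the EXECUTABLE_EXT set and the
sample shortcuts are assumptions. Only [InternetShortcut] and URL= come from
the documented .url file format.
"""
import configparser
import re
from urllib.parse import urlparse

# File types Windows hands to a loader when a shortcut target is opened.
# Assumption chosen for triage, not an exhaustive list.
EXECUTABLE_EXT = {".cpl", ".exe", ".dll", ".scr", ".hta", ".js", ".vbs",
                  ".lnk", ".bat", ".cmd", ".ps1", ".msi"}


def parse_url_file(text):
    """Return the [InternetShortcut] fields as a dict, or None if absent."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   delimiters=("=",))
    cp.optionxform = str          # keep key case (URL, IconFile, ...)
    try:
        cp.read_string(text)
    except configparser.Error:    # e.g. no section header at all
        return None
    if not cp.has_section("InternetShortcut"):
        return None
    return dict(cp.items("InternetShortcut"))


def is_remote_file_target(target):
    """True when the target is a file on a remote share (UNC or file://host/...)."""
    t = target.strip()
    if t.startswith("\\\\") or t.startswith("//"):
        return True               # UNC path: \\host\share\...
    parsed = urlparse(t)
    return parsed.scheme.lower() == "file" and bool(parsed.netloc)


def target_extension(target):
    """Lower-case extension of the final path component, or '' if none."""
    t = target.strip().replace("\\", "/")
    path = urlparse(t).path if "://" in t else t
    name = path.split("?", 1)[0].split("#", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    m = re.search(r"(\.[A-Za-z0-9]{1,4})$", name)
    return m.group(1).lower() if m else ""


def triage_url_file(text):
    """Return a list of findings; an empty list means nothing matched."""
    fields = parse_url_file(text)
    if fields is None:
        return ["no [InternetShortcut] section: not a valid .url file"]
    findings = []
    url = fields.get("URL", "")
    if is_remote_file_target(url):
        findings.append("URL target is a file on a remote share: " + url)
    ext = target_extension(url)
    if ext in EXECUTABLE_EXT:
        findings.append("URL target is an executable type (%s): %s" % (ext, url))
    icon = fields.get("IconFile", "")
    if icon and is_remote_file_target(icon):
        findings.append("IconFile points at a remote share: " + icon)
    return findings


# Constructed samples, not real campaign artefacts (192.0.2.10 is a TEST-NET address).
SAMPLE_SUSPICIOUS = """[InternetShortcut]
URL=file://192.0.2.10/share/update.cpl
IconIndex=0
"""

SAMPLE_BENIGN = """[InternetShortcut]
URL=https://example.com/
"""

if __name__ == "__main__":
    for name, sample in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, "->", triage_url_file(sample) or ["clean"])
```

The script answers the question a responder would ask of a quarantined attachment: does this shortcut point at something Windows would execute from a network location? Feed it the contents of .url files pulled from mail quarantine or download folders; a non-empty finding list is a reason to pull the host for a closer look, and patch status for CVE-2023-36025 decides whether the user would have seen a SmartScreen prompt at all.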
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID    Votes    Profile Description
Phemedrone Stealer    5    Phemedrone Stealer is a type of malware that infiltrates systems to extract sensitive data. It has been found to have similar functionality to another malware known as Styx Stealer, as evidenced by the country checks, anti-analysis function, and anti-VM checks in both malwares, according to Figure
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Telegram
Vulnerability
Exploit
Windows
Payload
Exploits
Ransomware
Discord
Encryption
Associated Vulnerabilities
ID    Type    Votes    Profile Description
CVE-2023-36025    Unspecified    5    CVE-2023-36025 is a significant vulnerability identified in the Windows SmartScreen security feature. It was one of three zero-day vulnerabilities discovered, with the others being CVE-2023-36033, a privilege escalation vulnerability in the Windows DWM Core Library, and CVE-2023-36036, another privi
Windows Defender SmartScreen Bypass    Unspecified    2    The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exte
Source Document References
Information about the Phemedrone malware was read from the documents corpus below. This display is limited to 20 results.
Source    Created    Title
Checkpoint
a month ago
Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
Securityaffairs
a month ago
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs
a month ago
security-affairs-malware-newsletter-round-5
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 2
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 1
Securityaffairs
3 months ago
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
4 months ago
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
5 months ago
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
5 months ago
Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
5 months ago
Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 464 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 462 by Pierluigi Paganini
CERT-EU
8 months ago
Hackers Exploiting Windows Defender SmartScreen Flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting