Phemedrone Stealer

Malware Profile Updated 20 days ago
Phemedrone Stealer is an information-stealing malware whose infection chain abuses CVE-2023-36025, a vulnerability in Windows Defender SmartScreen, for defense evasion. Trend Micro researchers uncovered the campaign and found it exploiting the flaw even though Microsoft had already released a patch. The malware is distributed through malicious Internet Shortcut files hosted on Discord or other cloud services such as FileTransfer.io, with the links often disguised behind URL shorteners. Once executed, Phemedrone Stealer harvests sensitive data from web browsers, cryptocurrency wallets, and applications such as Telegram, Steam, and Discord. Since details of CVE-2023-36025 first emerged, a growing number of malware campaigns have incorporated the vulnerability into their attack chains, including campaigns delivering Phemedrone Stealer. The campaign illustrates how quickly threat actors enhance their infection chains with new exploits for critical vulnerabilities in everyday software, and how a released patch alone does not end exploitation. As the Trend Micro report concludes, "Despite having been patched, threat actors continue to find ways to exploit CVE-2023-36025 and evade Windows Defender SmartScreen protections to infect users with a plethora of malware types, including ransomware and stealers like Phemedrone Stealer."
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (votes): Profile Description
Phemedrone (4 votes): Phemedrone is a malicious software (malware) that has been causing significant cybersecurity concerns due to its ability to exploit the Windows SmartScreen bypass, as reported by various security outlets. This malware is designed to infiltrate your computer or device undetected, typically through su
Mispadu (1 vote): Mispadu is a malicious software (malware) that has been used to exploit and damage computer systems, often infiltrating the system through suspicious downloads, emails, or websites. It was first uncovered by Eset in 2019, who detailed its theft of money and credentials from Spanish- and Portuguese-s
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload
Malware
Windows
Exploit
Vulnerability
Discord
Telegram
Ransomware
Encryption
Microsoft
Loader
Associated Malware
ID / Type (votes): Profile Description
No associations to display
Associated Threat Actors
ID / Type (votes): Profile Description
No associations to display
Associated Vulnerabilities
ID / Type (votes): Profile Description
CVE-2023-36025 / Unspecified (4 votes): CVE-2023-36025 is a significant vulnerability, representing a flaw in the design or implementation of Microsoft's Windows SmartScreen security feature. This vulnerability was discovered as one of three zero-days affecting Microsoft Windows and Server. The exploit begins with the execution of a malic
Windows Defender SmartScreen Bypass / Unspecified (2 votes): The Windows Defender SmartScreen Bypass (CVE-2023-36025) is a significant vulnerability in the design and implementation of Microsoft's software. This flaw allows malicious actors to evade defensive mechanisms, enabling them to infiltrate systems undetected. The vulnerability has been exploited exte
Source Document References
Information about the Phemedrone Stealer malware was read from the document corpus below. This display is limited to 20 results.
Source (created at): Title
InfoSecurity-magazine (20 days ago): Modular Malware Boolka’s BMANAGER Trojan Exposed
CERT-EU (6 months ago): Hackers Exploiting Windows Defender SmartScreen Flaw | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
Securityaffairs (6 months ago): Phemedrone campaign exploits Windows smartScreen bypass
CERT-EU (6 months ago): Crypto Malware Designed for Windows Hacking on the Loose | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU (6 months ago): How to exploit Windows Defender Antivirus to infect a device with malware
CERT-EU (6 months ago): Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer
InfoSecurity-magazine (6 months ago): Phemedrone Stealer Targets Windows Defender Flaw Despite Patch
CERT-EU (6 months ago): Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU (6 months ago): Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) - Help Net Security
CERT-EU (6 months ago): Data-theft malware exploits Windows Defender SmartScreen
Trend Micro (6 months ago): CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
CERT-EU (4 months ago): Malware Alert - Increasing Trend of DarkGate Malware Attacks Exploiting Microsoft Windows SmartScreen's Critical Vulnerability