How hackers exploit Windows SmartScreen vulnerability to spread malware



If you use a Windows computer, it’s time to update it once again, before hackers come to you with the latest Windows malware threat. Phemedrone is open source malware that steals data from web browsers, cryptocurrency wallets and messaging apps like Telegram and Discord. And, this time, it reaches everyday Windows users by slipping past Windows SmartScreen, the built-in protection that would normally warn you before you open something dangerous.

If this seemed like a lot of hot air to you, let’s discuss what exactly it means, how it works, and what else you need to know so you don’t end up falling victim to this clever malware scam.


Hacker on Windows computer (Kurt “CyberGuy” Knutsson)

What is Windows SmartScreen?

Before detailing this specific threat, let’s talk about Windows SmartScreen. Windows SmartScreen is a cloud-based anti-phishing and anti-malware component found in many Microsoft products. It determines whether a website, app or file is potentially malicious so that users don’t download harmful software onto their devices. To do this, it analyzes web pages and looks for suspicious behavior that could indicate malicious sites, applications and downloadable files.

It uses several techniques to make this determination. Still, essentially, when it flags something, it notifies the user through a Windows SmartScreen warning on the page, letting them know that whatever they’re about to do could be dangerous.

Windows Popup Screen (Microsoft Technology Community) (Kurt “CyberGuy” Knutsson)


How hackers overcame Windows SmartScreen

Unfortunately, in November 2023 hackers discovered and exploited a vulnerability in Windows Defender, known as CVE-2023-36025, that allows bad actors to bypass Windows Defender SmartScreen. They did this by hosting the malicious URL (shortened to make it less suspicious) on a trusted cloud provider such as Discord, although exactly how users were tricked into clicking it was not mentioned. After all, it is a sophisticated trick.

Windows recognized these links as safe, and the hackers were able to suppress the prompt that would otherwise cause Windows SmartScreen to appear. Whenever someone clicked on the URL, Windows SmartScreen did not consider it harmful and therefore did not warn the user.

What happened next is that the victim would unknowingly download a malicious Control Panel item (.cpl) file, which lets the hackers establish command and control over the device they have compromised. Once inside, they launch a PowerShell loader, which grabs a file labeled “Secure.pdf.” But that’s not a secure PDF… it’s actually a ZIP archive disguised as a PDF that hides the Phemedrone malware. Then, boom. It’s on your device. And this is what would happen next.
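The chain above turns on two disguises: a Control Panel item (.cpl), which is executable code rather than a document, and a file named “Secure.pdf” that is really a ZIP archive. A defender triaging downloads can catch both by comparing a file’s extension with what its leading bytes say it is. The following is an added example and not code from the article or from the researchers who analyzed Phemedrone; the sample files (a ZIP in memory holding an executable stub, a .cpl stub, a harmless PDF) are constructed here for illustration, and the file signatures used are the standard PDF, ZIP and PE magic bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Standard file signatures (not values taken from the article).
# Control Panel items (.cpl) are PE files, so they start with "MZ" like .exe/.dll.
MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",
    b"MZ": "pe",
}

# Extensions a user would reasonably expect for each real format.
EXPECTED_EXT = {
    "pdf": {".pdf"},
    "zip": {".zip"},
    "pe": {".exe", ".dll", ".cpl", ".scr"},
}


def sniff_format(data: bytes) -> str:
    """Return the real format of `data` based on its leading bytes."""
    for signature, name in MAGIC.items():
        if data.startswith(signature):
            return name
    return "unknown"


def triage_download(filename: str, data: bytes) -> dict:
    """Flag a downloaded file whose content does not match its name,
    or whose type executes code when opened (as a .cpl does)."""
    ext = PurePosixPath(filename).suffix.lower()
    fmt = sniff_format(data)
    findings = []

    if fmt != "unknown" and ext not in EXPECTED_EXT[fmt]:
        findings.append(f"extension {ext or '(none)'} does not match content ({fmt})")

    if ext == ".cpl" or (fmt == "pe" and ext not in {".exe", ".dll"}):
        findings.append("executable PE content; a Control Panel item runs code when opened")

    if fmt == "zip":
        # Look inside the archive for executables hidden behind a document name.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                members = archive.namelist()
        except zipfile.BadZipFile:
            members = []
            findings.append("ZIP signature but archive is malformed")
        hidden = [m for m in members
                  if PurePosixPath(m).suffix.lower() in EXPECTED_EXT["pe"]]
        if hidden:
            findings.append(f"archive contains executables: {', '.join(hidden)}")

    return {"filename": filename, "format": fmt,
            "findings": findings, "suspicious": bool(findings)}


def build_sample_zip() -> bytes:
    """Constructed sample: a ZIP that holds a fake executable stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("payload.exe", b"MZ" + b"\x00" * 64)
    return buf.getvalue()


# Constructed samples mirroring the article's chain.
SAMPLES = [
    ("Secure.pdf", build_sample_zip()),        # ZIP archive named like a PDF
    ("update.cpl", b"MZ" + b"\x00" * 64),      # Control Panel item (PE)
    ("report.pdf", b"%PDF-1.7\n%plain text\n"),  # genuine PDF header
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        result = triage_download(name, content)
        verdict = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{name:12} {result['format']:8} {verdict}: {'; '.join(result['findings'])}")
```

The check is cheap and catches the disguise regardless of whether SmartScreen warned: a PDF reader cannot open a ZIP, so a mismatch between name and content is a strong signal that the download was meant to trick rather than inform.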


What is this malware capable of?

The type of malware in this particular threat is known as Phemedrone, and no, it is not the name of a drug: it is a new open source malware that has the main goal of stealing data stored in web browsers, funds from your cryptocurrency wallets and other data, including password managers like LastPass. It can even steal cookies, autofill data, and browser data, as well as any other files and folders on your computer that the hacker wants to access.

And that’s not all. This malware is also capable of:

  • Collecting system information (hardware, OS, geolocation) and taking screenshots
  • Grabbing Discord authentication tokens and files related to Steam and Telegram authentication
  • Capturing connection details and credentials for FileZilla (a free FTP client)

hacker at work (Kurt “CyberGuy” Knutsson)


Perform software updates regularly to stay safe from threats

Now, the reason you are here is to protect yourself. New threats emerge every day as hackers get smarter and find more loopholes to exploit. But, in the case of this specific threat, Windows has already patched it and introduced protection in a software update. This means that all you need to do is keep up with your software updates in Windows to protect yourself, something you’d be surprised how many people forget to do or ignore completely. These software updates are important to keep you safe, not only from this threat, but from any other that may come your way.

Also, remember not to open or click on any links or files that you don’t know are legitimate. Of course, hackers find sneaky ways to convince you that a link can be trusted even when it’s malicious. But stick to downloading files and apps from trusted browsers and app stores, and think twice before clicking on links in messaging apps.

Always have powerful antivirus software on all your devices

Effective antivirus software is a must. It is the best way to help stop, and alert you to, any malware on your system, warn you not to click on malicious links in phishing emails, and ultimately protect you from being hacked. The best way to protect against a breach of your data is to have antivirus protection installed on all your devices. Having good antivirus software actively running on your devices makes you resilient against growing attacks like the Phemedrone malware. Get my picks for the best antivirus protection winners of 2024 for your Windows, Mac, Android, and iOS devices.

Kurt’s Key Takeaways

Well, the most important takeaway from this is that you can never be 100% safe online. Even tools meant to protect you, like Windows SmartScreen, can be exploited from time to time. So, stay alert and have good antivirus software running on all your devices.


Copyright 2024 All rights reserved.
