A public proof-of-concept (POC) for the Windows SmartScreen critical vulnerability patched last week (CVE-2023-36025) was reportedly released on 21 November. The vulnerability enables a potential attacker to craft a malicious internet shortcut or link to a malicious file and bypass Windows SmartScreen checks. The attack chain requires user interaction, with phishing being the most likely attack vector. Proofpoint reported attempts to deploy RemcosRAT via exploitation of this vulnerability have already been observed in the wild. At this stage, it is critical for both business and non-corporate users to apply the patch released last week. The attacks have been attributed to Narwhal Spider (a.k.a. TA544), a threat actor formerly linked to spam campaigns distributing the Ursnif trojan across a diverse geography, yet with a particular focus on Western Europe—particularly Italy—and Asia.
- Clipeus