A recently patched Microsoft Windows security hole was used as a zero-day exploit by a Darkgate Malware campaign that was discovered in mid-January 2024 employing phony software installers.

Users were tricked by PDFs containing Google DoubleClick Digital Marketing (DDM) open redirects during this campaign, according to Trend Micro. This caused unwary victims to visit compromised websites hosting the Microsoft Windows SmartScreen, avoid CVE-2024-21412, which resulted in malicious Microsoft (.MSI) installers.

CVE-2024-21412 (CVSS score: 8.1) is a security feature bypass vulnerability related to internet shortcut files that allows an unauthorized attacker to get past SmartScreen defenses by deceiving a victim into clicking on a malicious file read more Darkgate Malware Exploited Recently Patched Microsoft Flaw in Zero Day Attack.

Get up to date on the latest cybersecurity news and enhance your knowledge of cybersecurity with our thorough coverage of the dangers, breaches, and solutions.

The post DarkGate Malware Exploited Recently Patched Microsoft Flaw in Zero-Day Attack appeared first on Recon Bee.