CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
Cybersecurity researchers have detailed a method employed by threat actors to exploit a vulnerability that bypasses Windows Defender SmartScreen protections, enabling them to infect victims with malware such as Phemedrone Stealer. The attackers use a multilayered approach that combines PowerShell, DLL files, and exploits for critical vulnerabilities in common software. The malware extracts sensitive data and evades detection through encryption, dynamic key generation, and obscure naming patterns, among other tactics. To mitigate the risk, organizations are advised to update their systems regularly and deploy comprehensive cybersecurity solutions.