In May 2024, Trend Micro's Zero Day Initiative (ZDI) discovered a new vulnerability, CVE-2024-38112, being exploited by the Advanced Persistent Threat (APT) group known as Void Banshee. This vulnerability allowed attackers to execute malicious code on Windows systems by leveraging the MHTML protocol handler and x-usc directives through internet shortcut (.URL) files. Despite Internet Explorer being disabled on most modern Windows systems, Void Banshee found a way to use it to run malicious files, particularly targeting users with the Atlantida info-stealer malware. This malware is designed to steal sensitive data such as passwords and cookies from various applications.
Void Banshee distributed their malicious files disguised as PDFs within zip archives, tricking victims into thinking they were legitimate documents. These files were spread across cloud-sharing platforms, Discord servers, and online libraries, focusing their attacks primarily in North America, Europe, and Southeast Asia. The discovery of CVE-2024-38112 underscores the ongoing risk posed by outdated Windows features, even after official support has ended, serving as a reminder of the importance of keeping software up to date and vigilant about potential threats.
To mitigate this vulnerability, Microsoft released patches as part of the July 2024 Patch Tuesday, unregistering the MHTML handler from Internet Explorer to prevent future exploits.
https://www.trendmicro.com/en_us/research/24/g/CVE-2024-38112-void-banshee.html
#cybersecurity #windows #internetexplorer #vulnerability #apt #voidbanshee #mhtml #protocol #url #malware #atlantida #pdf #zip #discord #servers #cve #trendmicro #zdi #patchtuesday
