TLDR:
Void Banshee is exploiting a critical MSHTML vulnerability to distribute the Atlantida InfoStealer malware. The vulnerability, CVE-2024-38112, allows attackers to execute malicious code through URL files in Internet Explorer. Users are tricked into downloading an archive containing PDF books, which actually installs the Atlantida stealer. This malware targets login information from various applications. Void Banshee is a sophisticated threat actor known for deploying advanced malware. Users must remain vigilant and adopt robust security measures to protect their sensitive information.
Article:
Void Banshee, a threat actor, has been exploiting a critical MSHTML vulnerability, CVE-2024-38112, to distribute the Atlantida InfoStealer malware. This sophisticated campaign has targeted unsuspecting users by attracting PDF books distributed via various public platforms, including online libraries and Discord servers.
CVE-2024-38112 is a vulnerability in MSHTML, Internet Explorer’s rendering engine. Despite Internet Explorer being disabled, attackers have found a way to abuse it. URL files to execute malicious code. According to Broadcom report, this vulnerability has become a crucial vector for distributing the Atlantida InfoStealer, a malware designed to exfiltrate sensitive information from compromised systems.
Users are lured into downloading archives that supposedly contain PDF books. These archives are shared across multiple platforms, making them accessible to a broad audience. Once users download and open the archive, they are tricked into executing the Atlantida stealer. This malware begins its nefarious activities, targeting login information from applications such as Telegram, Steam, various offline cryptocurrency wallets, and browser-stored data.
Void Banshee, the group behind this campaign, has been identified as a sophisticated threat actor with a history of deploying advanced malware. Their latest campaign leveraging CVE-2024-38112 showcases their ability to exploit even the most obscure vulnerabilities to achieve their objectives. All WebPulse-enabled products cover observed domains and IPs associated with this campaign under security categories, ensuring comprehensive web protection.
The exploitation of CVE-2024-38112 by Void Banshee to distribute Atlantida InfoStealer underscores the evolving nature of cyber threats. Users must remain vigilant and adopt robust security measures to protect their sensitive information. Symantec’s comprehensive security solutions provide a formidable defense against such sophisticated attacks, ensuring that users can confidently navigate the digital landscape.
Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo