How serious is the situation?

Phemedrone Thief It specializes in stealing sensitive data stored in web browsers, cryptocurrency wallets, and messaging clients such as Telegram, Steam, and Discord.

It uses a variety of tactics, such as taking screenshots and gathering information about hardware, location, and operating system. The stolen information is then sent to the control server or remains via Telegram.

How does the virus work?

An important feature of the virus is that it exploits a vulnerability in the Windows Defender SmartScreen filter, specifically identified as CVE-2023-36025 and has a severity rating of 8.8 out of 10.

To exploit this vulnerability, an attacker must create a URL file and force the victim to open this URL file.

Trend Micro highlighted the increasing threat posed by the Phemedrone Stealer virus and noted that demos and proof-of-concept code showing the CVE-2023-36025 exploit circulating on social media had attracted public attention.

Since the discovery of this vulnerability, there has been a significant increase in the number of malicious campaigns deploying Phemedrone Stealer using this vulnerability in their attack chains.

Users are strongly advised to ensure that their systems have the latest security patches installed and to exercise caution when interacting with unfamiliar files or links to reduce the risk of falling victim to this widespread cyber threat.