Hackers Exploiting MSHTML vulnerability to Deliver Atlantida Malware
Void Banshee, a threat actor, has been exploiting a severe MSHTML vulnerability, CVE-2024-38112, to distribute the Atlantida InfoStealer malware.
This sophisticated campaign has targeted unsuspecting users with enticing PDF books distributed via various public platforms, including online libraries and Discord servers.
The Exploit: CVE-2024-38112
CVE-2024-38112 is a vulnerability in MSHTML, Internet Explorer's rendering engine. Despite Internet Explorer being disabled, attackers have found a way to abuse it using .URL files to execute malicious code.
According to a Broadcom report, this vulnerability has become a significant vector for distributing the Atlantida InfoStealer, a malware designed to exfiltrate sensitive data from compromised systems.
The Attack Vector
Users are lured into downloading archives that supposedly contain PDF books. These archives are shared across multiple platforms, making them accessible to a wide audience. Once users download and open the archive, they are tricked into executing the Atlantida stealer.
The malware then begins its malicious activity, targeting login data from applications such as Telegram and Steam, various offline cryptocurrency wallets, and browser-stored data.
Void Banshee, the group behind this campaign, has been identified as a modern threat actor with a history of deploying advanced malware.
Their latest campaign leveraging CVE-2024-38112 showcases their ability to exploit even the most obscure vulnerabilities to achieve their objectives.
All WebPulse-enabled products cover observed domains and IPs associated with this campaign under security categories, ensuring comprehensive web protection.
The exploitation of CVE-2024-38112 by Void Banshee to distribute Atlantida InfoStealer underscores the evolving nature of cyber threats. Users must remain vigilant and adopt robust security measures to protect their sensitive data.
Symantec's comprehensive security solutions provide a strong defense against such sophisticated attacks, ensuring that users can confidently navigate the digital landscape.
Source credit: cybersecuritynews.com