DarkMe Malware Exploits Microsoft SmartScreen Zero-Day Vulnerability to Target Financial Traders
The Trend Micro Zero Day Initiative discovered the vulnerability CVE-2024-21412, tracked as ZDI-CAN-23100, and alerted Microsoft. The vulnerability was used in a sophisticated zero-day attack chain orchestrated by the advanced persistent threat (APT) group known as Water Hydra (also identified as DarkCasino), which targeted financial market traders by bypassing Microsoft Defender SmartScreen.
Starting in late December 2023, Trend Micro’s monitoring detected a Water Hydra campaign using similar tactics, techniques, and procedures (TTPs), including the abuse of internet shortcut (.URL) files and WebDAV components. The threat actor exploited CVE-2024-21412 in this attack chain to circumvent Microsoft Defender SmartScreen and deploy the DarkMe malware onto victims’ systems.
What Is the Water Hydra APT Group?
First identified in 2021, the Water Hydra group quickly gained notoriety for its focus on the financial sector, launching attacks against banks, cryptocurrency platforms, forex and stock trading platforms, gambling sites, and casinos globally.
Initially, the group’s activities were attributed to the Evilnum APT group, as they employed similar phishing techniques and other tactics, techniques, and procedures (TTPs). However, in September 2022, researchers at NSFOCUS discovered the Visual Basic remote access tool (RAT) known as DarkMe within a campaign dubbed DarkCasino, which specifically targeted European traders and gambling platforms.
By November 2023, following several consecutive campaigns, including one utilizing the widely known WinRAR code execution vulnerability CVE-2023-38831 to target stock traders, it became clear that Water Hydra operated as a distinct APT group separate from Evilnum.
You can find more information in this blog post: CVE-2024-21412: Water Hydra Targets Traders With Microsoft Defender SmartScreen Zero-Day.
How to Protect Your Device from the DarkMe Malware?
To protect against the DarkMe malware, take the following steps:
Don’t Open Unfamiliar Links
In its February Patch Tuesday update, Microsoft patched the vulnerability and cautioned that an attacker could exploit it by sending a specially crafted file to the target, bypassing the established security checks.
However, for the attack to succeed, the recipient must click the file link and open the attacker-controlled content.
According to Trend Micro’s analysis, the infection chain uses CVE-2024-21412 to deploy a malicious installer file named 7z.msi.
The chain begins when the recipient opens a malicious link (fxbulls[.]ru), typically distributed on forex trading forums.
Disguised as a link to a stock chart image, the URL actually points to an internet shortcut file named photo_2023-12-29.jpg.url.
So, to protect your device from the DarkMe malware, do not open suspicious links.
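As an added defender-side example (not part of the original article or Trend Micro’s research), the following Python script parses internet shortcut (.URL) files, which are plain INI text with an [InternetShortcut] section and a URL= key, and flags the traits the chain above shows: a decoy double extension such as .jpg.url, a target fetched from a remote share (WebDAV) rather than a web page, and a target that is an installer such as 7z.msi. The sample files are constructed; the host names are placeholders, not indicators from the page.

```python
import configparser
from pathlib import PureWindowsPath
from urllib.parse import urlparse

# Decoy extensions a shortcut may be disguised with, and target types that mean
# the shortcut opens executable content (or yet another shortcut) rather than a page.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".xls", ".xlsx"}
PAYLOAD_EXTS = {".msi", ".exe", ".url", ".lnk", ".bat", ".cmd", ".ps1", ".hta", ".js", ".vbs"}

# Constructed samples: the file name and 7z.msi come from the article, the hosts are
# placeholders (.invalid / example.com), not real indicators.
SAMPLES = {
    "photo_2023-12-29.jpg.url": "[InternetShortcut]\nURL=file://webdav.example.invalid/share/7z.msi\n",
    "chart.url": "[InternetShortcut]\nURL=https://example.com/charts/eurusd.png\n",
}

def shortcut_target(text):
    """Return the URL= value of an [InternetShortcut] INI body, or None if unparsable."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    return cp.get("InternetShortcut", "url", fallback=None)

def assess_shortcut(filename, text):
    """Heuristic findings for one .url file; an empty list means nothing suspicious."""
    findings = []
    name = PureWindowsPath(filename)
    inner_ext = PureWindowsPath(name.stem).suffix.lower()
    if name.suffix.lower() == ".url" and inner_ext in DECOY_EXTS:
        findings.append("double extension: shortcut disguised as " + inner_ext)
    target = shortcut_target(text)
    if not target:
        return findings
    t = target.strip()
    parsed = urlparse(t)
    # file://host/... or a raw \\host\share path: the target is fetched from a remote
    # share (WebDAV/SMB) rather than displayed as a web page.
    if (parsed.scheme == "file" and parsed.netloc) or t.startswith("\\\\"):
        findings.append("remote share target: " + t)
    tail = PureWindowsPath(parsed.path if parsed.scheme else t).suffix.lower()
    if tail in PAYLOAD_EXTS:
        findings.append("executable target type: " + tail)
    return findings

if __name__ == "__main__":
    for fname, body in SAMPLES.items():
        print(fname, "->", assess_shortcut(fname, body) or "clean")
```

Run it over a directory of downloaded .url files to triage them; a benign shortcut to an https page yields an empty list.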
Keep Your Windows Up-to-Date
Microsoft regularly releases updates for Windows, and these updates include fixes for discovered vulnerabilities as well as updates to Windows Security. To keep your computer safe, install the latest Windows updates as soon as they are available.
- In Windows 10, you can go to Start > Settings > Update & Security to check for updates and install available updates.
- In Windows 11, you can go to Start > Settings > Windows Update to check for updates and install available updates.
In addition, you can enable automatic updates on your Windows computer.
Use Anti-Virus Software
Anti-virus software is also necessary to defend against the DarkMe malware and other kinds of malware. For example, you should enable all necessary protection features in Windows Security. You can also install third-party anti-virus software such as Bitdefender Antivirus, Norton AntiVirus, and McAfee AntiVirus.
How to Safeguard Your Data and System on a PC?
Data Backup
You can use Windows backup software to back up your files and system on the computer. Windows has built-in tools like File History and System Restore to help you make a backup.
If you want to use third-party backup software, you can try MiniTool ShadowMaker. This backup utility can back up files, folders, partitions, disks, and systems to any Windows-detected storage device.
Data Recovery
If you need to recover deleted or lost files, you can try MiniTool Power Data Recovery. This data recovery tool can recover files from hard drives, SSDs, USB flash drives, memory cards, and more.
Now you know what you can do to defend against the DarkMe malware. Just be careful when browsing the internet.