
Microsoft re-categorizes fixed Trident bug as zero day bug


A recent report from Check Point Research describes attackers targeting victims through the retired Internet Explorer (IE) browser and malicious HTA files. According to the report, the attackers use special Windows Internet Shortcut files with a .url extension which, when clicked, cause IE to visit a URL controlled by the attackers.

Once the victim clicks on the malicious URL, a malicious HTA file is downloaded and the user is prompted to open it. Opening the file runs a script that installs the Atlantida info-stealer, which is designed to steal sensitive information from the victim’s system.

What makes this attack even more sophisticated is that the HTA files exploit CVE-2024-43461 to conceal the .hta file extension, so the download appears to be a harmless PDF file when Windows prompts the user to open it. However, Microsoft has released a fix for this vulnerability that makes Windows display the actual .hta extension, alerting users to the malicious nature of the download.
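A defender-side check for the filename trick described above, as an added example that is not from Check Point's report or Microsoft's fix: it flags download names in which a document extension is followed by visually blank padding and then a script or executable extension. The extension sets, the padding characters tested and the sample names are assumptions constructed for illustration; the page does not say how the extension is concealed.

```python
import unicodedata
from urllib.parse import unquote

# Illustrative assumptions: the page names only .hta and PDF.
EXECUTING = {".hta", ".js", ".vbs", ".wsf", ".scr", ".exe"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

def is_blank(ch):
    """True for characters that render as empty space or as nothing."""
    if ch.isspace() or ch == "\u2800":  # U+2800 BRAILLE PATTERN BLANK
        return True
    return unicodedata.category(ch) in ("Zs", "Cf")

def masked_extension(name):
    """Return (decoy_ext, real_ext, pad_len) when a document extension sits
    in front of an executing one, else None. pad_len counts the blank
    characters between them; 0 means a plain double extension."""
    name = unquote(name)  # logged URLs keep the name percent-encoded
    dot = name.rfind(".")
    real = name[dot:].lower() if dot > 0 else ""
    if real not in EXECUTING:
        return None
    stem = name[:dot]
    end = len(stem)
    while end > 0 and is_blank(stem[end - 1]):
        end -= 1
    head = stem[:end]
    decoy_dot = head.rfind(".")
    decoy = head[decoy_dot:].lower() if decoy_dot > 0 else ""
    if decoy not in DECOY:
        return None
    return decoy, real, len(stem) - end

def triage(names):
    """Return the names worth an analyst's attention, padded ones first."""
    hits = [(n, masked_extension(n)) for n in names]
    hits = [(n, r) for n, r in hits if r is not None]
    return sorted(hits, key=lambda h: -h[1][2])

# Constructed sample download names, not taken from the report.
SAMPLES = [
    "invoice.pdf%E2%A0%80%E2%A0%80%E2%A0%80.hta",
    "scan.PDF \u200b\u00a0.HTA",
    "report.pdf.hta",
    "manual.pdf",
    "tool.hta",
]

if __name__ == "__main__":
    for name, (decoy, real, pad) in triage(SAMPLES):
        print(f"{name!r}: decoy {decoy}, real {real}, padding={pad}")
```

Run over proxy or download logs, a non-zero padding count is the stronger signal; a count of 0 is an ordinary double extension that still merits a look.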

This attack highlights the evolving tactics of cybercriminals who are constantly finding new ways to exploit vulnerabilities and target unsuspecting victims. It also underscores the importance of prompt software updates and security patches to protect against such threats.

In response to this threat, users are advised to exercise caution when clicking on unknown URLs and downloading files from untrusted sources. Additionally, keeping software and security programs up to date can help prevent such attacks from succeeding.

Overall, this report serves as a reminder of the ever-present dangers of cyber threats and the importance of staying vigilant in the face of evolving tactics used by malicious actors. Stay informed, stay updated, and stay safe in the digital world.
