{"id":1395,"date":"2024-03-16T04:30:52","date_gmt":"2024-03-16T04:30:52","guid":{"rendered":"https:\/\/tastycounter.net\/index.php\/2024\/03\/16\/phat-hien-lo-hong-windows-smartscreen-dang-bi-khai-thac-de-phat-tan-ma-doc-darkgate\/"},"modified":"2024-03-16T04:30:52","modified_gmt":"2024-03-16T04:30:52","slug":"phat-hien-lo-hong-windows-smartscreen-dang-bi-khai-thac-de-phat-tan-ma-doc-darkgate","status":"publish","type":"post","link":"https:\/\/tastycounter.net\/index.php\/2024\/03\/16\/phat-hien-lo-hong-windows-smartscreen-dang-bi-khai-thac-de-phat-tan-ma-doc-darkgate\/","title":{"rendered":"Windows SmartScreen vulnerability found being exploited to spread DarkGate malware"},
"content":{"rendered":"<div class=\"content-detail textview\">\n<p>A new wave of attacks by the DarkGate malware operation exploits a vulnerability in Windows Defender SmartScreen and has now been upgraded with the ability to bypass security checks and automatically install fake software installers on target systems.<\/p>\n<p>SmartScreen is a Windows security feature that displays a warning when a user tries to run unrecognized or suspicious files downloaded from the internet. The vulnerability, tracked as CVE-2024-21412, is a flaw in Windows Defender SmartScreen that allows specially crafted downloaded files to bypass the tool's security warnings.<\/p>\n<p>Attackers can exploit the flaw by creating a Windows Internet Shortcut (.url file) that points to another .url file hosted on a remote SMB share. This causes the file at the final location to be executed automatically.<\/p>\n<p>Microsoft patched CVE-2024-21412 in mid-February, but the update does not appear to have been applied thoroughly. Earlier, Trend Micro disclosed that a financially motivated hacking group nicknamed Water Hydra had successfully exploited this flaw as a zero-day to deliver its DarkMe malware to traders' systems.<\/p>\n<p>Today, Trend Micro analysts issued a further urgent warning that the operators behind the DarkGate malware are deploying a new wave of attacks that exploit the same vulnerability to improve their chances of successfully infecting targeted systems.<\/p>\n<h2>Details of the DarkGate attack<\/h2>\n<p>The attack begins with a malicious email carrying a PDF attachment that contains links using open redirects from Google's DoubleClick Digital Marketing (DDM) service to bypass email security checks.<\/p>\n<p>When the victim clicks the link, they are redirected to a web server hosting an internet shortcut file. This shortcut (.url) file in turn links to a second shortcut file hosted on a WebDAV server controlled by the attacker.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"Exploitation of the SmartScreen vulnerability CVE-2024-21412\" width=\"640\" height=\"188\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2024\/03\/15\/lo-hong-windows-smartscreen-dang-bi-khai-thac1.jpg\"><figcaption>Exploitation of the SmartScreen vulnerability CVE-2024-21412<\/figcaption><\/figure>\n<p>Using one Windows shortcut to open a second shortcut on the remote server effectively exploits CVE-2024-21412, causing the malicious MSI file to execute automatically on the device.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"The second URL shortcut automatically installs the MSI file\" width=\"640\" height=\"115\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2024\/03\/15\/lo-hong-windows-smartscreen-dang-bi-khai-thac2.jpg\"><figcaption>The second URL shortcut automatically installs the MSI file<\/figcaption><\/figure>\n<p>These MSI files masquerade as legitimate NVIDIA software, the Apple iTunes application, or Notion.<\/p>\n<p>When the MSI installer runs, another DLL loading flaw involving the file &#8220;libcef.dll&#8221; and a loader named &#8220;sqlite3.dll&#8221; decrypts and executes the DarkGate malware payload on the system.<\/p>\n<p>Once initialized, the malware can steal data, fetch additional payloads and inject them into running processes, perform keylogging, and give the attacker real-time remote access.<\/p>\n<p>The complex, multi-stage infection chain used by the DarkGate operators since mid-January 2024 is summarized in the diagram below:<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"DarkGate infection chain\" width=\"1600\" height=\"691\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2024\/03\/15\/lo-hong-windows-smartscreen-dang-bi-khai-thac3.jpg\"><figcaption>DarkGate infection chain<\/figcaption><\/figure>\n<p>Trend Micro says this campaign uses DarkGate version 6.1.7. Compared with the older version 5, version 6 features an XOR-encrypted configuration, new configuration options, and updated command-and-control (C2) values.<\/p>\n<p>The configuration parameters available in DarkGate 6 let operators define various operational tactics and evasion techniques, such as enabling persistence at startup or specifying minimum disk storage and RAM sizes in order to evade analysis environments.<\/p>\n<figure><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/st.quantrimang.com\/photos\/image\/holder.png\" alt=\"DarkGate v6 configuration parameters\" width=\"887\" height=\"955\" class=\"lazy\" data-src=\"https:\/\/st.quantrimang.com\/photos\/image\/2024\/03\/15\/lo-hong-windows-smartscreen-dang-bi-khai-thac4.jpg\"><figcaption>DarkGate v6 configuration parameters<\/figcaption><\/figure>\n<p>Currently, the only way to mitigate the risk from these attacks is to apply Microsoft's February 2024 Patch Tuesday update, which fixes CVE-2024-21412.<\/p>\n<\/div>\n","protected":false},
"excerpt":{"rendered":"<p>A new wave of attacks by the DarkGate malware operation exploits a vulnerability in Windows Defender SmartScreen and has now been upgraded with the ability to bypass security checks and automatically install fake software installers on target systems. [&hellip;]<\/p>\n","protected":false},
"author":1,"featured_media":1396,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1395","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-khong-phan-loai"],"_links":{"self":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/1395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/comments?post=1395"}],"version-history":[{"count":0,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/posts\/1395\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media\/1396"}],"wp:attachment":[{"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/media?parent=1395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/categories?post=1395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tastycounter.net\/index.php\/wp-json\/wp\/v2\/tags?post=1395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}