spear-phishing

Winsage
July 17, 2024
The ZDI threat hunting team discovered and analyzed samples exploiting CVE-2024-38112, which allowed attackers to execute files and open websites through the disabled Internet Explorer (IE) process by exploiting MSHTML. The operators behind Void Banshee used the vulnerability in a spear-phishing campaign targeting victims in North America, Europe, and Southeast Asia. The campaign distributed malicious files disguised as PDFs through cloud sharing websites, Discord servers, and online libraries. The malware used in the campaign, Atlantida stealer, targets sensitive information from various applications and can collect system information and geolocation data. The exploitation tactic is similar to that used for another MSHTML vulnerability, CVE-2021-40444; Microsoft has patched both. Unsupported Windows relics like Internet Explorer are an overlooked attack surface that threat actors can still exploit. Organizations should keep their software updated to protect themselves from security vulnerabilities.