Trend Micro revealed that the zero-day vulnerability CVE-2024-21412, fixed by Microsoft in its recent Patch Tuesday updates, has been exploited by threat groups Water Hydra and DarkCasino to target financial market traders. Discovered during Trend Micro’s analysis of a Water Hydra campaign in late December 2023, the vulnerability bypasses Microsoft Defender SmartScreen, enabling the delivery of the DarkMe malware to victims. DarkMe facilitates various malicious actions, including folder enumeration and shell command execution. Water Hydra, previously linked to the EvilNum group, primarily targets the financial sector using internet shortcuts and WebDAV components to trick users into clicking on malicious files. The vulnerability affects multiple Windows versions and allows attackers to exploit users by convincing them to open specially crafted files.

Read more: https://www.securityweek.com/windows-zero-day-exploited-in-attacks-on-financial-market-traders/