ScarCruft used a technique involving pop-up ads to trick victims into clicking on a malicious link. Once infected, the malware captured sensitive data including files, keystrokes, and screenshots.
The zero-day vulnerability used in the attack is tracked as CVE-2024-38178 and was patched by Microsoft in August 2024. However, researchers found that ScarCruft's exploit was similar to those it has used in the past. This suggests that the group may have been monitoring Microsoft security updates and adapting its tactics accordingly.
According to the media, the attack underscores that Internet Explorer still poses a threat even after it has been officially discontinued. Many third-party applications continue to use outdated browser components, leaving them open to abuse.
Source: Ferra
