Home > Cyber News > Custom Windows 10 Themes Can Be Abused To Steal User Credentials
CYBER NEWS

Custom Windows 10 Themes Can Be Abused To Steal User Credentials

by   |  Last Update:  |  0 Comments  

A security researcher has discovered that Windows 10 themes can be used to steal users’ data using a technique called pass-the-hash. This is possible to a loophole found in the operating system that is used to allow the loading of custom themes.




Windows 10 Custom Themes Can Be Abused And Used To Steal Users Data

Windows 10 allows for the installation of custom themes by the users and this has recently been discovered to be an entry point for abuse. The warning came from the security researcher Jimmy Bayne who discovered a dangerous loophole that can be taken advantage of by hackers. This comes from the ability to install themes from a third-party site or repository. The expert notes that malicious users can take advantage of the ability to execute an attack model called Pass-The-Hash.

By design, this commands hackers to create themes with malware code that will execute a preset behavior sequence when the theme is activated. Upon doing so the users will be shown a prompt that will ask them to enter in their credentials. The theme will actually redirect the pages to a specially created web page that includes this form.

Related: [wplinkpreview url=”https://sensorstechforum.com/ransomware-binance-exchange/”] Ransomware Hackers Use Binance to Exchange Cryptocurrency Despite The Site’s Countermeasures

The .theme file which is associated with a given theme choice can be programmed to change the default wallpaper setting to a website. If the users enter their computer login credentials the will be forwarded to the hackers. Even though the information is stored in a secured NTLM hash it can easily be decrypted using special software. Such attacks are very dangerous when as they can be used in combination with other types of malware in coordinating advanced infections.

Possible countermeasures that computer administrators can take will be to restrict the installations by blocking the theme extensions files. When workgroup computers are concerned a group policy can b used to restrict the sending of NTLM credentials to remote hosts. However, this can interfere with some enterprise setups that use this approach for remote login. This information was reported to Microsoft however at this moment the issue will not be fixed as the company staff said that this is a “feature by design”.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Related posts:
  1. How to Remove Phishing Scams in 2021 This article has been created in order to help you...
  2. Cool New Tab Theme Mac Removal What Is Cool New Tab Theme? Cool New Tab Theme...
  3. Binance Email Scam Virus – How to Remove It [Free Fix] What Is Binance Email Scam Binance Email Scam is the...
  4. Binance Lost Nearly $41 Million in Bitcoin in a Well-Orchestrated Hack A cryptocurrency heist of great proportion has hit one of...
  5. Binance Hacked? – KYC Data Leak Leads to 300BTC Ransom Probably the world’s largest coin exchanges has begun an investigation...
  6. Evernote Vulnerability Abused To Steal Files From Victim Users A new Evernote vulnerability was recently announced which has been...
  7. BothanSpy, Gyrfalcon CIA Implants for Windows, Linux Steal SSH Credentials BothanSpy and Gyrfalcon are the names of the latest CIA...
  8. Beware: Bizarro Banking Trojan Can Steal Login Credentials for 70 Banks Cybersecurity researchers just revealed a new dangerous banking trojan originating...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree