Your Passwords Are At Risk — New Windows XFiles Attack Confirmed
Windows passwords come under attack from XFiles threat.
Two things that are guaranteed to strike fear into the hearts of anyone concerned about cybersecurity attacks are Windows and passwords. Combine the two, and you have the basis of what can be something of a security nightmare. With Microsoft account password spraying attacks and warnings over opening specific Outlook files in the news as Windows email, passwords and 2FA codes come under attack, this is kind of understandable. Now, with confirmation of a password-stealing threat called XFiles, is there even more cause for concern? The truth, as they say, is out there.
A group of self-proclaimed elite threat hunters and cyber analysts has issued a warning that attackers deploying a malware payload called Xfiles, also known as DeerStealer, are targeting Windows users in order to compromise passwords that can then be sold on dark web criminal marketplaces.
A June 12 report published by the eSentire Threat Response Unit has revealed how, throughout May, threats actors have been using the XFiles payload in order to steal Windows passwords that can then be sold by a dark web user known only as LuciferXfiles.
The methods employed are sadly all too familiar, involving ClickFix attacks during the initial access process. These tech support scams combine seemingly genuine offers of help regarding security issues surrounding account activity with fake ID Captcha prompts that involve executing malicious commands using the Windows Run prompt.
Should the victim get to this stage, they will then download something called HijackLoader, often obfuscated using an encrypted PNG image, that downloads the real payload, the XFiles infostealer malware to compromise passwords, browser 2FA session cookies, instant messages and more.
Read the full report for a detailed technical analysis of the entire attack chain. When it comes to mitigation, however, the eSentire TRU advice is clear:
I would have to add to this that opening the Windows Run prompt and pasting the clipboard's content, which is how ClickFix attacks work, is hardly conducive to good security practice or, frankly, common sense. I mean, how many Captcha or I Am Not A Robot tests have ever asked you to do that? The answer is zero. Protect your passwords by not being tricked into doing something that is so obviously out of the ordinary.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Gizmodo
27 minutes ago
- Gizmodo
Amazon Offers HP Touchscreen Laptop (64GB RAM, 2TB SSD) for 56% Off as It Unveils 2025 Prime Day Plans
A great laptop can take a frustrating work situation and make it much more palatable. The only catch is that laptops can often be super expensive, and you don't want to spend an entire paycheck on one. Here's some good news: you don't have to! You might want to naturally gravitate toward the flashier options Run to Amazon right now to get the HP Flagship Touchscreen Laptop for $660, down from its usual price of $1,500. That's $840 off and a discount of 56%. For this price, you get a 15.6-inch touchscreen, an Intel i3 121rU processor, Windows 11 Pro, a lifetime subscription to Microsoft Office, and a complete laptop accessory bundle with a mousepad and mouse. It's everything you need to get you started building a home office and then some. See at Amazon A laptop that can keep up with you for less Even at this low price, this laptop is more than capable of running office apps, hopping on video calls, and even light photo editing. It comes with 64GB of RAM, which gives you enough headroom to multitask without lag or slowdown. Whether you're flipping between Excel, Spotify, and a Zoom call, it's built to make sure you don't have to worry about not keeping up. When you have a fast-paced office job, that's obviously important. The 2TB SSD is a great option too, especially in this price range. You can store just about as many photos, files, videos, and PowerPoints as you like. And because it's solid-state, things will be a lot more snappy about loading than they would with a traditional hard drive. It also supports Wi-Fi 6, so if you've got a modern router, you'll notice faster, more stable internet performance. With Bluetooth included as well, connecting headphones, mice, or other accessories is super simple. In fact, you might notice that it's a little easier than usual when you use devices that are engineered to actually work with this setup. Weighing in at just under four pounds, it's light enough to carry around campus or on your commute. And if you'd rather use it at home for something like a desktop replacement, you can do that with it as well. Remember, it's just $660, and it usually goes for a whopping $1,500. You'd have to be crazy (or maybe super rich) if you don't see this as a great deal. Be sure to get yours while the getting is good, and see what you can do with these extra productivity points. See at Amazon
Yahoo
33 minutes ago
- Yahoo
OpenAI's $3 Billion Windsurf buy sparks Microsoft IP clash
OpenAI's $3 billion acquisition of coding startup Windsurf has reportedly strained its deep partnership with Microsoft (NASDAQ:MSFT) over access to AI intellectual property. According to a Wall Street Journal report, the deal terms give OpenAI pause about extending Microsoft's existing access to Windsurf's technology, even though Microsoft currently holds rights to all of OpenAI's IP under their multibillion-dollar investment agreement. The report says OpenAI doesn't want to grant Microsoft the same level of access to Windsurf's code. Warning! GuruFocus has detected 6 Warning Sign with MSFT. Both companies downplayed tensions, telling the WSJ they have a long-term, productive partnership and remain in talks optimistic we will continue to build together for years to come. The frictions come amid Microsoft's growing stake in OpenAIit initially invested $1 billion in 2019 and has since poured in roughly $13 billionand as OpenAI transitions to a public benefit corporation, where Microsoft is pushing for a larger equity share than OpenAI is willing to cede. Any wobble in the OpenAI-Microsoft alliance could ripple through the cloud and AI markets. Microsoft's exclusive rights to sell OpenAI's models via Azure and its preferred technology access have been a linchpin of both companies' cloud strategies. Scaling such partnerships without diluting competitive advantagesor investor returnswill test how Big Tech and AI startups navigate IP-sharing, governance and commercial incentives as they race to build next-gen AI services. This article first appeared on GuruFocus. Error in retrieving data Sign in to access your portfolio Error in retrieving data Error in retrieving data Error in retrieving data Error in retrieving data
Bloomberg
42 minutes ago
- Bloomberg
How AI Drives Company Transformation
Bloomberg's Sonali Basak, Connie Leung, Senior Director, Regional Industry Leader - Asia, Worldwide Financial Services, Microsoft, Esther Wong, Founder & Chief Investment Officer, 3C AGI Partner discuss how they are investing to ensure the long-term continued growth of their businesses. (Source: Bloomberg)
