Hackers Used Windows Theme Packs To Hack Passwords

September 16, 2020

Written by wukovits

Are you a fan of customizing your Windows experience via themes? If so, you’re not alone. While it’s true that themes aren’t used by a majority of Windows users, they’re still highly popular.

If you’re creating your own themes, you don’t have anything to worry about. The danger lies in downloading theme packs from others, especially if you get them from a source you don’t know and trust implicitly.

Clever hackers can now create “poisoned” themes that can be used to steal Windows credentials. Security researcher Jimmy Bayne discovered the new flaw when he stumbled across a poisoned theme capable of tricking unsuspecting users into accessing a remote SMB share that requires authentication.

When the user attempts to access the remote resource that requires a login, Windows responds by automatically trying to log in, using your Windows user name and their hashed password. Naturally, the hacker sets up the attack so that they control the remote resource and thus, is able to harvest the credentials and dehash the password at their leisure.

Microsoft has spent the last few years migrating away from local Windows 10 accounts and is leaning more heavily on the Cloud. This makes the theme-based attack much more likely to succeed.

Even worse, Microsoft has expressed no interest in fixing this particular flaw, because according to a spokesman for the company, it’s working exactly as it is supposed to. That puts regular theme users in something of a bind.

Your first best defense against this type of attack is to make any themes you want to use yourself, or if you download a theme pack, be sure you’re getting it from a trusted source.

Barring that, your only other viable option is to block or re-associate the .theme, .themepack, or .desktopthemepackfile extensions to a different program. This approach, however, will break the theme functionality, so it can only be used by those who don’t need to frequently switch from one theme to another.

It’s not a common attack, but it’s definitely something to be on guard against.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

New Graphene Technology May Increase Hard Drive Storage

HDDs are old, well understood technology. They haven't changed much in recent years. In fact, increasingly, people are writing them off, preferring SSDs for their greater speed and smaller size, even though HDDs are less expensive. The clever folks at the University...

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Send us a message

Your message was sent.