Hackers Used Windows Theme Packs To Hack Passwords

September 16, 2020

Written by wukovits

hackers used windows theme packs to hack passwordsAre you a fan of customizing your Windows experience via themes? If so, you’re not alone. While it’s true that themes aren’t used by a majority of Windows users, they’re still highly popular.

If you’re creating your own themes, you don’t have anything to worry about. The danger lies in downloading theme packs from others, especially if you get them from a source you don’t know and trust implicitly.

Clever hackers can now create “poisoned” themes that can be used to steal Windows credentials. Security researcher Jimmy Bayne discovered the new flaw when he stumbled across a poisoned theme capable of tricking unsuspecting users into accessing a remote SMB share that requires authentication.

When the user attempts to access the remote resource that requires a login, Windows responds by automatically trying to log in, using your Windows user name and their hashed password. Naturally, the hacker sets up the attack so that they control the remote resource and thus, is able to harvest the credentials and dehash the password at their leisure.

Microsoft has spent the last few years migrating away from local Windows 10 accounts and is leaning more heavily on the Cloud. This makes the theme-based attack much more likely to succeed.

Even worse, Microsoft has expressed no interest in fixing this particular flaw, because according to a spokesman for the company, it’s working exactly as it is supposed to. That puts regular theme users in something of a bind.

Your first best defense against this type of attack is to make any themes you want to use yourself, or if you download a theme pack, be sure you’re getting it from a trusted source.

Barring that, your only other viable option is to block or re-associate the .theme, .themepack, or .desktopthemepackfile extensions to a different program. This approach, however, will break the theme functionality, so it can only be used by those who don’t need to frequently switch from one theme to another.

It’s not a common attack, but it’s definitely something to be on guard against.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Key Considerations for Effective Cybersecurity Implementation

Consider this: In the realm of cybersecurity, things often get tangled in the web of "you should do it anyway" arguments. Yet, for busy business owners bombarded with daily "must-dos," deciphering the essentials from the fluff can feel like a cyber maze. We aim to...

Major Cyber Attack at OMV

Louisiana’s Office of Motor Vehicles (OMV) is one of a still undetermined number of government entities, major businesses, and organizations to be affected by an unprecedented Data Breach.There is no indication at this time that cyber attackers who breached MOVEit...