Posted on September 9, 2020 at 1:52 PM
Hackers Now Compromise Computers through Custom Windows Themes
Viruses do not magically appear in a company’s system. They usually get their way due to the actions of users – something they do regularly without realizing it. The activities of hackers on Windows systems have increased tremendously in recent times.
Windows 10 comes with a lot of features, but one of its best-known features is the ease of customization. It is very easy to swap out the desktop photo with a few clicks. Users can also save their settings as themes, which has somehow opened the doorway for hackers and cybercriminals to launch attacks on Windows.
These days, it’s very easy to find custom themes for online download with Windows users. However, those who are considering to install a theme they find may have to reconsider their option.
That’s because security researchers have discovered that hackers are now creating custom Windows themes that can compromise computer systems. Those who will make the mistake of downloading one of such fake custom themes could lose all their passwords to the hackers, as security researchers have found.
Bleeping Computer researcher Jimmy Bayne revealed that some specially developed Windows 10 themes have the capability of stealing user passwords. This password-stealing method is what is known to security researchers as “pass the hash attack.”
Issue more serious for Microsoft Accounts
During the attack, the hacker uses an infiltrated file to request the user to log in with their user name and password to confirm it. But in the real sense, the action by the user redirects the password to a remote database where the hacker can access it later for further attacks.
For those systems having local user profiles, this issue is a less critical one. Sadly, Microsoft is gradually shifting to Microsoft Accounts from the previous local users’ account system. The present Microsoft Accounts gives access to different types of cloud-based and online features. If one of these hackers steal a Microsoft Account login, it will lead to a far dangerous prospect.
Generally, Windows themes are not harmful to the computer, which is why many hackers are choosing them as the ideal attack vector. Very few users will expect to get their system compromised through Windows themes. And like other types of malware-infested files, Windows themes can be shared with other Windows 10 users through email. As a result, the user can download these themes from a friend or family without having any idea they are downloading malware-infested themes.
How users can protect themselves from threats
Security researchers have also provided guidelines on how users can protect themselves and avoid being victims of hacking threats. One certain thing is the fact that the problem is only seen in malicious Windows 10 themes.
Those who do not bother to download themes on their computer will avoid any likelihood of the file infiltrating their systems. So, the surest way to keep hackers away from using this malicious tool is not to download these themes.
Also, users can opt to change appearance settings in their Windows by default. You will be only in trouble if you want customized themes, which may be infected.
Security researchers are advising users to ignore any customized Windows 10 theme from their friend. They could be infiltrated with malware.
The only consideration to go ahead with the download is when they have communicated with the sender on phone and they said they are sending a new theme. Otherwise, there is no reason to download a custom them through their email because it could be laced with malware.
One good thing is the fact that it is much easier to identify themes, which also makes it easy to avoid compared to malicious Microsoft Office documents. That’s because they are always used daily for legitimate purposes and much difficult to discover when the trusted account is sending the user a malicious document.