Windows 10 users are facing another new security threat, this time coming from an unlikely place. If you want to jazz up the look of your Windows 10 operating system then one of the easiest ways to do this is by installing a custom theme. These themes are available for download from the Microsoft Store, catering for a wide range of styles and tastes.
However, a security expert has discovered an innocent-looking Windows 10 theme pack can be used to steal an unsuspecting victim’s password.
As reported in a post by Bleeping Computer, researcher Jimmy Bayne discovered how a Windows 10 theme pack can be the pivotal component in a Pass-the-Hash attack.
These types of attacks are used to steal Windows 10 usernames and passwords by tricking a victim into accessing a remote resource that requires authentication.
To carry out the attack, Bayne explained that a nefarious party would need to tinker with a wallpaper key found in a theme pack to enable login credentials to be stolen.
The compromised file could then be shared via an e-mail attachment or through a download link to unsuspecting Windows 10 users.
Bayne explained: “Using a Windows .theme file, the Wallpaper key can be configured to point to a remote auth-required http/s resource. When a user activates the theme file (e.g. opened from a link/attachment), a Windows cred prompt is displayed to the user.
“The wallpaper key is located under the “Control Panel\Desktop” section of the .theme file. Other keys may possibly be used in the same manner, and this may also work for netNTLM hash disclosure when set for remote file locations.”
If a Windows 10 user falls for the compromised theme, hackers will still have some legwork to do: they have to crack the hashed password they managed to obtain.
However, tests run by Bleeping Computer show special scripts can manage to do this in a matter of seconds.
Advising Windows 10 users on how to stay safe, Bayne said re-associating any .theme, .themepack or .desktopthemepack file extensions will help protect a user.
However, the trade-off is that this would prevent a Windows 10 user from switching to another theme.
Setting up two-factor authentication on your Microsoft account, if you haven’t done so already, will also add a much-needed extra level of security.
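A theme file can also be checked before anyone opens it. The Python sketch below is an added example, not code from Bayne or Bleeping Computer: it reads the text of a .theme file and reports every key whose value points at an http/s URL or a remote file location, with a specific check for the Wallpaper key under “Control Panel\Desktop”. The function names, sample themes and host name are constructed for illustration, and .themepack/.desktopthemepack archives would need to be unpacked first.

```python
import re

# Values that make Windows contact another host: http/https URLs,
# UNC paths (\\host\share\...) and file:// URLs that name a host.
REMOTE_VALUE = re.compile(r'"?\s*(https?://|\\\\[^\\]|file://[^/])', re.IGNORECASE)
SECTION = re.compile(r'^\[(.+)\]\s*$')

# Constructed samples, not taken from the original report.
SUSPICIOUS_THEME = r"""[Theme]
DisplayName=Autumn Colours

[Control Panel\Desktop]
Wallpaper=https://theme-assets.example.com/protected/bg.jpg
TileWallpaper=0
"""

BENIGN_THEME = r"""[Theme]
DisplayName=Windows

[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
"""


def remote_references(theme_text):
    """Return (section, key, value) for each value that points off-host.

    Lines are scanned one by one, so every occurrence of a key is
    reported and a duplicate key cannot hide a remote value."""
    findings = []
    section = ""
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or INI comment
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and REMOTE_VALUE.match(value.strip()):
            findings.append((section, key.strip(), value.strip()))
    return findings


def wallpaper_is_remote(theme_text):
    """True when Wallpaper under [Control Panel\\Desktop] is remote."""
    return any(s.lower() == r"control panel\desktop" and k.lower() == "wallpaper"
               for s, k, _ in remote_references(theme_text))
```

Because Bayne notes that other keys may be usable in the same manner, `remote_references` reports all sections rather than only the Wallpaper key.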
Speaking to Forbes, Jake Moore, cybersecurity specialist at ESET, said: “These gimmicky themes are clearly not created with security in mind, and at the risk of exposing passwords and other sensitive data, I would suggest users think twice when installing them.
“With more users forced to move away from local Microsoft accounts, this comes with the added risk of remote attacks and the potential of attacking further services such as email.
“It is vital to use two-factor authentication for as many services that offer it.”