Malware developers are always finding new ways to sneak their payloads onto people’s computers. Proving the point, a security researcher recently discovered that hackers could use custom Windows 10 themes to steal account information from their victims.
This news comes to us via Twitter user @bohops, who made the discovery and posted a chain of tweets explaining how the attack works.
An infected theme file will contain a line of code that changes the user’s wallpaper. This line of code tells your computer to fetch an image from the hacker’s website to use as the wallpaper.
Then, the hacker sets up their website so that it asks for the user’s Windows 10 credentials when the user connects to it. This is done by telling Windows 10 that the file is only for sharing via remote access.
As such, when the user runs the theme, the user’s computer goes to fetch the wallpaper from the hacker’s website. The website tells the user’s computer that it requires remote access credentials. Windows 10 then asks the user to enter their username and password to gain access to the image.
If the user enters their username and password, the hackers harvest the information when it’s sent to their server. The hacker can then decrypt the information and get the user’s username and password.
While this seems bad enough, it gets even worse when you realize that Windows 10 login credentials are usually a Microsoft account name and password. As such, this attack doesn’t just give the hacker access to a PC, but also to the victim’s Microsoft account as a whole.
Installing theme files from unknown sources is never a good idea, and this discovery shows why. Be careful when installing theme files in the future, and never enter your credentials into a pop-up window that a theme shows.
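One way to check a theme file before installing it, as an added example that is not from the original article or the researcher's tweets: the script below reads a theme file as INI-style text and flags any setting whose value points at another machine instead of a local file. It goes beyond the wallpaper line and checks every key; the sample themes and the `example.test` hostnames are constructed for illustration.

```python
import re

# Value shapes that make Windows contact another machine to load a resource.
REMOTE_KINDS = [
    ("url", re.compile(r"^(https?|ftp)://", re.I)),
    ("unc", re.compile(r"^\\\\\?\\UNC\\", re.I)),      # \\?\UNC\host\share
    ("unc", re.compile(r"^\\\\(?![?.]\\)[^\\]+\\")),   # \\host\share
]

def classify(value):
    """Return 'url' or 'unc' for a remote reference, else None."""
    value = value.strip().strip('"')
    for kind, pattern in REMOTE_KINDS:
        if pattern.match(value):
            return kind
    return None

def find_remote_references(theme_text):
    """Scan INI-style theme text; return (section, key, value, kind) tuples."""
    findings, section = [], ""
    for raw in theme_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        kind = classify(value) if sep else None
        if kind:
            findings.append((section, key.strip(), value.strip().strip('"'), kind))
    return findings

# Constructed samples, not taken from any real theme.
BENIGN_THEME = r"""
[Control Panel\Desktop]
Wallpaper=%SystemRoot%\web\wallpaper\Windows\img0.jpg
"""

SUSPICIOUS_THEME = r"""
[Control Panel\Desktop]
Wallpaper=https://wallpapers.example.test/bg.jpg
[Control Panel\Cursors]
Arrow=\\files.example.test\share\arrow.cur
"""

if __name__ == "__main__":
    for finding in find_remote_references(SUSPICIOUS_THEME):
        print(finding)
```

A theme that only uses local files produces no findings; any finding is a reason to not install the theme until the remote reference is understood.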
While this is potentially scary news, it’s still safe to download and install themes from safe sources. There are plenty of beautiful and safe themes you can install to stylize your computer as you see fit. Just avoid the dodgy websites and you should be fine.