Hackers can use Windows 10 themes to steal users password

Hacker typing username and password
Hacker typing username and password
Image credit: frank_peters / Shutterstock

People like to be individuals, and in the computing arena one way to be a little different is to change the look of Windows by using themes. But a security researcher has warned of a technique that could be exploited by hackers to trick users into divulging their Windows login details when applying a theme.

Malicious theme packs can be used to execute a “pass-the-hash” attack which sends passwords to a remote server. The specially designed themes are easy to create, andthe way the credential stealing attack works will fool many people — but there are protective measures that can be put in place.

Security researcher Jimmy Bayne explained that the text files used to configure theme packs could be exploited. Themes are made up of various components including background images, cursors, sound files and more, and they are all linked together by a .theme file. This file is essentially a plain text file that tell Windows where the various resources are in order to make use of the theme.

As reported by Bleeping Computer, this configuration file can be crafted so that Windows is told that rather than loading a locally stored image for the desktop background, it is instead told to look to a remote server. When Windows tries to load the theme, this causes the operating system to display a prompt asking for a user’s login credentials. When these are supplied, the username and the NTLM hash of the password are forwarded on. Research shows that these hashes are very easily decrypted.

On Twitter, Bayne shared his findings in a series of tweets

To protect yourself against this type of attack, you could simply avoid using theme packs that comes from unknown sources, or exercise caution when presented with an unexpected login dialog. But as Bayne suggest, it is also a good idea to associate the .theme, .themepack and .desktopthemepackfile extension to a different application so they are not automatically executed if double clicked.

For more such interesting article like this, app/softwares, games, Gadget Reviews, comparisons, troubleshooting guides, listicles, and tips & tricks related to Windows, Android, iOS, and macOS, follow us on Facebook, Instagram, Twitter, YouTube, and Pinterest.

Advertising statement: The external jump links (including but not limited to hyperlinks, QR codes, passwords, etc.) contained in the article are used to convey more information and save selection time. The results are for reference only. All Naijatechnews articles include this statement.

Article Editor in Chief: Coker | I want to correct article mistakes.

Click to see more posts about 👇

Recommended Gists

Be the first to comment

Leave a Reply

Your email address will not be published.