Security 10808 Published by

Neowin reports that specially crafted Windows 10 themes files can be used to steal users' credentials.



New finding says custom Windows 10 themes can be used to steal users' credentials

A new finding shared on Twitter by security researcher Jimmy Bayne points towards a loophole in Windows 10’s themes settings that can let bad actors steal users’ credentials by creating a specific theme to carry out a ‘Pass-the-Hash’ attack. The ability to install separate themes from other sources lets attackers create malicious themes files that when opened, redirect users to a page that prompts users to enter their credentials.



New finding says custom Windows 10 themes can be used to steal users' credentials