Neowin reports that specially crafted Windows 10 themes files can be used to steal users' credentials.
New finding says custom Windows 10 themes can be used to steal users' credentials
A new finding shared on Twitter by security researcher Jimmy Bayne points towards a loophole in Windows 10’s themes settings that can let bad actors steal users’ credentials by creating a specific theme to carry out a ‘Pass-the-Hash’ attack. The ability to install separate themes from other sources lets attackers create malicious themes files that when opened, redirect users to a page that prompts users to enter their credentials.
New finding says custom Windows 10 themes can be used to steal users' credentials
