There is a new cyberattack targeting Windows 10 themes users. While these stylish themes allow you to fully customize the look of your entire operating system by changing the color, sounds, mouse cursors, and wallpaper; researchers believe that hackers are using this as a “Pass-the-Hash” to gain access and steal Windows account credentials.

These kinds of attacks target Windows users by deceiving them into accessing a remote SMB share that requires them to use their username and password information. Once they are granted access, Windows will automatically try to log in to this system by sending the user’s username as well as an NTLM hash of their password. These credentials are then picked up by hackers who attempt to dehash the information in order to access the visitor’s login info.

Did you know that dehashing an easy password can take up to 4 seconds to crack?!?! Make sure you are using a combination of letters, numbers, and special characters in your password to make it strong and harder to decipher.

To keep yourself and your company protected, its advisable that you block or re-associate the .theme, .themepack, and  .desktopthemepackfile extensions to a different program. However, keep in mind that doing so will break the Windows 10 themes feature, therefore make sure you are satisfied with the one you have and you do not need to switch to another theme. 

You can also configure a group policy named “Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers” and set it to “Deny All” which will prevent your NTLM credentials to be shared by a remote host. One thing to remember is that this might affect businesses that grant remote access to other entities.