A new vulnerability has been detected in the Windows operating system, which could lead the hackers to steal passwords using the Windows theme. These Malicious theme packs can be used to execute a “pass-the-hash” attack which sends passwords to a remote server. These themes are attractive and made in a way to attract the user to download them. These themes are made or created in a way that has an inbuilt mechanism to steal your details after it has been applied. Themes are made out of various components such as icons, images, background, mouse pointers, sounds, etc.
All of these components are together linked using the .theme filename. These malicious themes ask the users to enter their Windows password to enter and apply the theme, which then uses the information and passes them to a remote server. These kinds of malicious themes can also be used to take full control of your system and corrupt the Windows files or steal your very important data such as banking or financial logins. However, if you do not want any such things to happen, then simply try to avoid downloading any such themes from a third party or unknown source.
Also, one can associate .theme, .themepack, and .desktopthemepack file extension to a different application so they are not automatically executed if double-clicked.
These are a few things that one can do to avoid any such issues in their operating system. Also, make sure not to download any kind of theme or software from a third party or unknown resources as they might contain files that can damage your operating system.