Beware of Fake Windows 10 and Antivirus Updates: Here’s Why


A ransomware campaign is targeting home users by posing as software updates through fake Windows 10 and antivirus installations, cybersecurity researchers have revealed.

The ransomware, called Magniber, then demands $2,500 from victims to unlock their data, according to the HP Threat Research team.

“Notably, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks using system calls instead of standard Windows API libraries,” the team explained.

Even though Magniber doesn’t fall into the “big game hunting” category, it can still cause significant damage.

“Home users were the likely target of this malware based on supported OS versions and UAC bypass. Attackers used clever techniques to evade protection and detection mechanisms,” noted security researchers.

With UAC bypass, the malware deletes shadow copy files from the infected system and disables backup and recovery features, preventing the victim from recovering their data using Windows tools.

The infection chain begins with a web download from an attacker-controlled website.

The user is prompted to download a ZIP file containing a JavaScript file that is presented as an important Windows 10 antivirus or software update.
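A defender-side check for the delivery step described above, as an added example that is not from HP's report or the original article: it lists JavaScript files inside a downloaded ZIP and marks update-themed names. The extension set, keyword list, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: extensions that Windows Script Host runs as JavaScript/JScript.
SCRIPT_EXTS = {".js", ".jse"}
# Assumption: lure words drawn from the article's wording (Windows 10, antivirus, update).
LURE_WORDS = ("update", "antivirus", "win10", "windows")


def triage_zip(data: bytes) -> list:
    """Return one finding per JavaScript member of a ZIP supplied as bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable ZIP: nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename).name.lower()
            # suffix is the last extension, so "update.pdf.js" is still caught
            if PurePosixPath(name).suffix in SCRIPT_EXTS:
                findings.append({
                    "member": info.filename,
                    "lure_name": any(word in name for word in LURE_WORDS),
                    "size": info.file_size,
                })
    return findings


def make_zip(members: dict) -> bytes:
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


# Constructed samples: harmless placeholder contents, not real malware.
SAMPLE_SUSPECT = make_zip({"Win10_Antivirus_Update.js": b"// constructed placeholder"})
SAMPLE_BENIGN = make_zip({"photos/readme.txt": b"hello", "site/app.js": b"console.log(1)"})

if __name__ == "__main__":
    for label, blob in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, triage_zip(blob))
```

A finding with `lure_name` set to true is the case worth stopping on, since genuine Windows and antivirus updates are not delivered as a script inside a ZIP from a website.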

Home users can protect themselves from ransomware campaigns like this by following this simple advice:

The HP security team said home users should only download software updates from trusted sources, as the campaign depends on tricking people into opening fake software updates. “Back up your data regularly. Backing up your data will give you peace of mind should the worst happen,” they suggested.
