1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • More fake Windows updates are spreading malware, so watch what yo

    From TechnologyDaily@1337:1/100 to All on Thu May 11 13:45:03 2023
    More fake Windows updates are spreading malware, so watch what you download

    Date:
    Thu, 11 May 2023 12:37:24 +0000

    Description:
    A pop-under campaign is delivering a novel dropper which tries to install the Aurora infostealer using fake Windows updates.

    FULL STORY ======================================================================

    Researchers have warned of a new cyber scam campaign using fake Windows updates to trick victims into downloading and running the Aurora infostelaer on their devices.

    Experts at Malwarebytes recently spotted a malicious advertising campaign leveraging pop-under ads to deliver a malware loader.

    Pop-under ads are a type of ad that loads under the browser , and is only visible once the user closes, or moves the browser out of sight. These ads, served mostly on adult content websites with high traffic numbers, are displayed in full-screen, and tell the user that they need to update their device. More than a dozen domains were used in this campaign, it was said. Turkish victims

    Those that fall for the trick would download a file called ChromeUpdate.exe which, in reality, is a malware loader called Invalid Printer. The
    researchers are saying that Invalid Printer is a so-called fully undetectable (FUD) malware loader, used exclusively by this particular, yet unnamed,
    threat actor. Once Invalid Printer makes it to the target endpoint, it will first check the graphic card to see if its installed on a virtual machine, or in a sandbox. If it determines that the device is a legitimate target, it
    will unpack and launch a copy of the Aurora infostealer.

    Aurora is a piece of malware with extensive capabilities and low antivirus detection, its creators claim. In reality, it took antivirus programs a few weeks to start flagging Aurora installs as malicious, Malwarebytes said. Written in Golang, Aurora is on sale on dark web forums for more than a year now. In this particular campaign, some 600 devices were compromised, the researchers believe. Read more

    A nasty new infostealer malware is landing in email inboxes


    This new malware has emerged from the dark web and is after your data


    These are the top ID theft protection tools today

    According to Jrme Segura, director of threat intelligence at Malwarebytes, most victims are Turkish, as every time a new sample gets submitted to Virus Total, it comes from a Turkish user.

    "In many instances, the file name looked like it had come fresh from the compiler (i.e. build1_enc_s.exe)," the researcher concluded. These are the best firewalls around

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/more-fake-windows-updates-are-spreading-malware -so-watch-what-you-download


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)