1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Windows Update hijacked to infect PCs with malware

    From TechnologyDaily@1337:1/100 to All on Fri Jan 28 15:00:04 2022
    Windows Update hijacked to infect PCs with malware

    Date:
    Fri, 28 Jan 2022 14:40:09 +0000

    Description:
    North Korean cybercrime group Lazarus spotted in action once again, this time with a bogus Windows Update scam.

    FULL STORY ======================================================================

    Lazarus, a known cybercrime group with ties to the North Korean government, has managed to abuse the Windows Update Client to distribute malware , cybersecurity researchers from Malwarebytes have found.

    In a blog post detailing their findings, the researchers said they were investigating a phishing campaign impersonating Lockheed Martin, an American aerospace, arms, defense, information security, and technology corporation.

    The group was distributing two files - Lockheed_Martin_JobOpportunities.docx, and Salary_Lockheed_Martin_job_opportunities_confidential.doc, obviously targeting people interested in getting a job at the company. Malicious macros

    The documents themselves carried malicious macros which, if activated, drop a WindowsUpdateConf.lnk file in the target endpoints startup folder, and a DLL file (wuaueng.dll) in the Windows/System32 folder.

    After that, the .lnk file launches the Windows Update Client which, in turn, launches the malicious DLL.

    This is an interesting technique used by Lazarus to run its malicious DLL using the Windows Update Client," to bypass antivirus solutions and other security mechanisms.

    With this method, the threat actor can execute its malicious code through the Microsoft Windows Update client by passing the following arguments: /UpdateDeploymentProvider, Path to malicious dll and /RunHandlerComServer argument after the dll. Read More

    Hackers are using DDoS attacks to squeeze victims for ransom



    North Korean malware could still pose major threat



    Linux users beware - you could be facing more cyber threats than ever
    before

    This is not the first time someones taken advantage of the Windows Update Client to run malware as back in October 2020, MDSec researcher David Middlehurst discovered the flaw, and even its abuse in the wild.

    We are yet to see what Microsoft will do about it but, as usual, one should
    be extra careful when downloading and running documents coming in through the mail, especially if they require the activation of macros.

    Lazarus is one of the worlds most dangerous cybercrime groups, notorious for their involvement in the WannaCry fiasco, as well as the attack on Sony,
    after the company released a comedy movie set in a fictitious North Korea. Here's our take on the best ransomware protection right now

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/windows-update-hijacked-to-infect-pcs-with-malw are/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)