These fake Windows 10 updates will land you with a ransomware infection

Cybercriminals are smuggling malware inside fake Windows 10 updates

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

FakeWindows 10updates are being used to spread the Magniberransomwarestrain, reports suggest.

Ransomware continues to be a scourge for consumers and businesses alike, but Magniber mainly seems to be targeting students and other non-professional users, according toBleeping Computersources.

Based on the Magnitude exploit kit, the strain first appeared in 2017 as a successor to Cerber, and at the time almost exclusively targeted South Korean users.

Initially, Magniber targeted users who were still usingInternet Explorer. The ransomware gang then expanded the scope of its operations to infecting systems in China, Taiwan, Hong Kong, Singapore, and Malaysia.

Malicious Windows 10 updates

These damaging fake Windows 10 updates are being distributed under names such as Win10.0_System_Upgrade_Software.msiand Security_Upgrade_Software_Win10.0.msi via platforms such as crack sites, posing as legitimate cumulative or security updates.

Magniber produces a README.html document in each folder which it encrypts. The documents then redirect users to Magniber’s Tor payment site, which is called ‘My Decryptor’.

The cybercriminal ring’s website graciously provides users with one free file, which it will decrypt without charge, and allows users to find out which cryptocurrency address to send coins to if they decide to pay the ransom. It also provides options to contact its “support team'', according to the sources.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The ransomware demands tend to be around $2,500 or 0.068 bitcoin,Bleeping Computersuggests. There are not currently any known ways of decrypting files encrypted by the Magniber ransomware strain for free.

Nasty WordPress plugin bug puts thousands of sites at risk>Hackers have found a sneaky new way to infect Windows devices>This spiteful ransomware strain is even more dangerous than most

Fake software updates, covering everything fromantivirus softwareto Flash Player Updates, have been a consistently popular method of duping users into downloadingmalwarefor years, with the combination of threat and urgency effectively duping users.

For example, cybersecurity researchers from MalwareHunterTeam recently identified an SMS phishing campaign whereby Android users receive a text message claiming that a video upload they started couldn’t be completed without an update to theFlash Player.

The same SMS message provides a link to where the “update” can be found, which instead directs victims to Android banking trojan FluBotmalware, which steals login information by overlaying many global banks.

ViaBleeping Computer

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)