That new Windows 10 update could be packed with ransomware
Users have been warned not to download a fake Windows 10 update which is actually packed with malware.
Security researchers from Trustwave’s SpiderLabs have uncovered a new malicious campaign that spoofs an urgent update email from Microsoft to infect users’ systems with the Cyborg ransomware.
Targeted users first receive an email with the subject line ‘Install Latest Microsoft Windows Update now!’ or ‘Critical Microsoft Windows Update!’. This is already suspicious, as Microsoft pushes Windows updates through its operating system and never through emails.
The email itself contains just one line of text, which reads: “Please install the latest critical update from Microsoft attached to this email”. Although the fake update attachment has a “.jpg” file extension, it is not a picture but an executable file.
This executable file is a malicious .NET downloader that the attackers have designed to deliver malware to the infected system.
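A mail-gateway check for the mismatch described above, as an added example that is not from the article or from Trustwave: it flags attachments whose name claims an image but whose bytes start with the `MZ` executable header. The function names, the `photo.jpg` and `update.jpg` filenames and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading bytes each claimed image extension should have, plus the DOS/PE header.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
PE_MAGIC = b"MZ"


def classify_attachment(filename, payload):
    """Return 'ok', 'executable-disguised-as-image' or 'content-mismatch'."""
    name = (filename or "").lower()
    ext = name[name.rfind("."):] if "." in name else ""
    expected = IMAGE_MAGIC.get(ext)
    if expected is None:
        return "ok"  # not an image extension; outside this check
    if payload.startswith(PE_MAGIC):
        return "executable-disguised-as-image"
    return "ok" if payload.startswith(expected) else "content-mismatch"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for each attachment of a raw e-mail."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        findings.append((name, classify_attachment(name, payload)))
    return findings


def build_sample():
    """Constructed message: a real JPEG header and an MZ stub, both named .jpg."""
    msg = EmailMessage()
    msg["Subject"] = "Critical Microsoft Windows Update!"
    msg.set_content("Please install the latest critical update from Microsoft attached to this email")
    for data, fname in ((b"\xff\xd8\xff\xe0" + b"\x00" * 16, "photo.jpg"),
                        (b"MZ\x90\x00" + b"\x00" * 16, "update.jpg")):
        msg.add_attachment(data, maintype="image", subtype="jpeg", filename=fname)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{name}: {verdict}")
```

The check inspects decoded content rather than the declared MIME type, because the sender controls both the filename and the `Content-Type` header.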
When the user clicks on the email’s attachment, the executable hidden within it downloads a file called ‘bitcoingenerator.exe’ from a GitHub account with the name misterbtc2020. Like the attachment itself, this file is .NET-compiled malware, known as the Cyborg ransomware.
Once activated, the ransomware encrypts all of the files on the infected user’s system and appends its own file extension, 777, to their filenames. A ransom note with the filename ‘Cyborg_DECRYPT.txt’ is then left on the desktop of the…