Warning! Stop Believing This Fake ‘Windows Update’ Now

Updated: Mar 17, 2020

Beware of Fake Windows Update

Most people can spot a fake email, but less tech-savvy users are at risk.

A new campaign that claims to be from Microsoft is urging people to update Windows. However, it will install ransomware on your computer instead of the update!

The spam was discovered by researchers from Trustwave’s SpiderLabs. It arrives with a subject line such as ‘Critical Microsoft Windows Update!’ or ‘Install Latest Microsoft Windows Update now!’. Microsoft does not send Windows updates via email.

The fake Windows update email contains just one sentence, with the first two letters in upper case, which makes it look even less legitimate. Recipients are encouraged to open the attached ‘update’ by clicking on it. Although the file displays a .jpg extension, it is actually a .NET executable downloader that infects the system with the malware.

(Source: TechSpot)
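The lure described above works because a mail client shows the attachment’s claimed extension rather than what the bytes actually are. The following added example (not from the article or from Trustwave) shows how a defender can flag such a mismatch by checking for a Windows MZ/PE header behind an image extension; the sample attachments and the helper that builds a minimal PE-like blob are constructed for the demonstration, and the check identifies any PE executable, not specifically a .NET one.

```python
import struct

# Magic bytes for image formats an attachment might claim to be (constructed table).
IMAGE_MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".gif": b"GIF8",
}


def is_pe_executable(data: bytes) -> bool:
    """True if data starts with an MZ stub whose e_lfanew points at a 'PE\\0\\0' signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify_attachment(filename: str, data: bytes) -> str:
    """Compare the claimed extension against the file content."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if is_pe_executable(data):
        # An executable hiding behind an image extension is the lure described in the article.
        return "disguised-executable" if ext in IMAGE_MAGIC else "executable"
    if ext in IMAGE_MAGIC and data.startswith(IMAGE_MAGIC[ext]):
        return "image"
    return "unknown"


def flag_suspicious(attachments: dict) -> list:
    """Return the names of attachments whose extension lies about their content."""
    return [name for name, data in attachments.items()
            if classify_attachment(name, data) == "disguised-executable"]


def build_fake_pe() -> bytes:
    # Constructed minimal PE-like blob: MZ stub with e_lfanew (offset 0x3C) pointing to 'PE\0\0'.
    header = bytearray(b"MZ" + b"\x00" * 0x3E)
    struct.pack_into("<I", header, 0x3C, 0x40)
    return bytes(header) + b"PE\x00\x00" + b"\x00" * 20


# Constructed sample attachments: a genuine JPEG, a PE named as an image, and a plain PE.
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32,
    "Windows_Update.jpg": build_fake_pe(),
    "setup.exe": build_fake_pe(),
}

if __name__ == "__main__":
    print(flag_suspicious(SAMPLES))
```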

When the file is opened, it downloads another executable, bitcoingenerator.exe, from a (now-removed) GitHub account known as misterbtc2020. Like the email attachment, this executable is .NET-compiled malware, known as Cyborg ransomware.

bitcoingenerator.exe encrypts users’ files and appends 777 as the file extension. It also drops a hidden copy of itself named ‘bot.exe’ at the root of the infected drive. The infected system receives a ransom note named “Cyborg_DECRYPT.txt”, demanding $500 to decrypt the files.

When the researchers searched for the ransomware’s original filename, they found three other samples and a builder for the ransomware. They also discovered a YouTube video pointing to two repositories: one held the ransomware builder binaries, and the other a link to the Russian version of the builder.

In recent times ransomware has become the most common choice of malware among cybercriminals, who find local government systems easy targets. A few days ago, Louisiana was attacked for the second time this year; however, its cyber-security team resolved the issue before any damage was done.