Fake Windows 10 ‘Update’ Is Actually Just Filled With Ransomware

It’s no secret that Microsoft’s Windows 10 updates have been controversial as of late. They’ve been filled with patches fixing previous updates’ bugs only to create more issues. Now, there’s a whole new problem altogether: Fake ransomware-filled updates.


Researchers over at Trustwave’s SpiderLabs have warned Windows 10 owners of a new email scam designed to trick users frustrated with broken updates into downloading a fake update. That update, of course, is filled with ransomware.

How to spot fake Windows 10 updates

SpiderLabs explains the infected emails often come with the subject line “Install Latest Microsoft Windows Update now!” or “Critical Microsoft Windows Update!”, with the body simply including one line to the effect of “Please install the latest critical update from Microsoft attached to this email.”

There will likely be an attachment that looks like a .jpg file, but SpiderLabs explains it’s actually an .exe file which, when launched, installs the malware. The file is about 28KB, according to the researchers.
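As an added example (not code from SpiderLabs or from this article), here is one way a mail filter could check for the two signs described above: the reported subject lines, and an attachment whose name ends in an image extension while its content is a Windows executable. The sample message, the addresses, the filename `update.jpg` and all function names are assumptions made up for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines reported in the article (compared case-insensitively).
REPORTED_SUBJECTS = {
    "install latest microsoft windows update now!",
    "critical microsoft windows update!",
}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")

def is_pe(data):
    """True if data starts with 'MZ' and its e_lfanew field points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def scan_message(raw):
    """Return a list of findings for one RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").strip().lower()
    if subject in REPORTED_SUBJECTS:
        findings.append("subject matches reported lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if is_pe(data):  # executable content, whatever the filename claims
            findings.append(f"{name}: Windows executable content")
        elif name.endswith(IMAGE_EXTS) and not data.startswith(IMAGE_MAGIC):
            findings.append(f"{name}: image extension, non-image content")
    return findings

def build_sample(subject, filename, payload):
    """Build a constructed test message; addresses and filename are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please install the latest critical update from Microsoft.")
    m.add_attachment(payload, maintype="image", subtype="jpeg", filename=filename)
    return m.as_bytes()

# Constructed 68-byte stub: 'MZ', e_lfanew = 0x40, then the PE signature.
# It only carries the header markers and is not a working program.
FAKE_PE = b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"
```

The check reads the attachment's first bytes rather than trusting its filename or declared MIME type, since both are chosen by the sender.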

“The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder,” SpiderLabs’ blog said. “It can be spammed using other themes and be attached in different forms to evade email gateways. Attackers can craft this ransomware to use a known ransomware file extension to mislead the infected user from the identity of this ransomware.”

How do I not get infected?

As with all such advice, the best thing to do when you see dodgy emails requesting you install something is to delete them, and to make sure your password is strong if you suspect it’s been compromised. Telltale signs of an email with malicious intent include misspellings, poor grammar and incorrect branding.

While it’s not advisable to even open such an email, if you do check the sender’s address, it is also likely to be a dead giveaway. Official emails from Microsoft, or even Netflix as in another recent scam, are not likely to use Gmail or include incorrect domains like “Microsoft.org”. Keep an eye on these and remember to report anything to Scamwatch so they can monitor the situation.


[Via SpiderLabs]

