Threat actors have long been using fake software updates to trick users into downloading malware. And the ongoing massive Magniber ransomware campaign is no different.[1]
What’s worse, though, is that apart from losing access to critical files that may also be exposed, victims who don’t have backups and need to regain file access stand to lose around US$2,500.[2]
To help security teams ensure protection, we investigated the threat in depth and discovered:
- 80+ domains containing the Windows-specific strings “windows + update,” “windows + patch,” and “windows + security,” two of which have been dubbed “malicious” by various malware engines
- 100+ domains containing the generic software strings “software + update,” “software + patch,” and “software + security,” one of which has been confirmed as a malware host
- 40+ subdomains containing the Windows-specific strings “windows + update,” “windows + patch,” and “windows + security,” two of which have been tagged “malicious” by various malware engines
- 210+ subdomains containing the generic software strings “software + update,” “software + patch,” and “software + security,” 11 of which were confirmed malware hosts
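The string-pair search described in the list above can be turned into a simple check over hostnames from DNS or proxy logs. This is an added example, not code from the original research; the allowlist, the naive two-label domain split, and the sample hostnames are assumptions constructed for illustration.

```python
"""Flag hostnames containing the string pairs listed in the findings."""

SECOND_TERMS = ("update", "patch", "security")
FIRST_TERMS = {"windows-specific": "windows", "generic-software": "software"}

# Assumption: legitimate Microsoft zones that would otherwise match.
ALLOWLIST = {"windowsupdate.com", "microsoft.com"}

# Constructed sample hostnames (reserved .example TLD), not real indicators.
SAMPLE_HOSTS = [
    "windows-update-center.example",
    "software.patch.cdn-host.example",
    "download.windowsupdate.com",
    "news.example",
]


def split_host(host):
    """Naively split a hostname into (subdomain part, registrable domain).

    Assumption: the registrable domain is the last two labels. Use a
    Public Suffix List library for names under suffixes such as .co.uk.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def classify(host):
    """Return (family, location, second_term), or None if nothing matches."""
    sub, domain = split_host(host)
    if domain in ALLOWLIST:
        return None
    # Drop the TLD so a suffix like ".security" cannot satisfy a match.
    candidates = (("domain", domain.rsplit(".", 1)[0]), ("subdomain", sub))
    for location, text in candidates:
        for family, first in FIRST_TERMS.items():
            for second in SECOND_TERMS:
                if first in text and second in text:
                    return family, location, second
    return None


def scan(hosts):
    """Map each flagged hostname to its classification."""
    return {h: c for h in hosts if (c := classify(h)) is not None}


if __name__ == "__main__":
    for host, hit in scan(SAMPLE_HOSTS).items():
        print(host, hit)
```

A match only means the name fits the pattern; as the counts above show, most matching names were not confirmed as malicious, so treat hits as leads for reputation checks rather than as verdicts.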
Download a sample of the threat research materials now or contact us to access the complete set of research materials.
—
- [1] https://threatresearch.ext.hp.com/magniber-ransomware-switches-to-javascript-targeting-home-users-with-fake-software-updates/
- [2] https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/