Windows Update that downloads malware

Fake Windows Update Leads to New Malware Attack

Keeping your software up to date is an important part of protecting your devices from cyberattacks. Earlier this month, major U.S. banks struggled to determine how much data was stolen from customers during a cyberattack on SitusAMC, a major financial technology company based in New York.

Hackers are pushing fake Windows Updates with a variant of ClickFix, a known malware especially affecting browsers like Google Chrome and Microsoft Edge. It relies on a social engineering technique in which a blue prompt that resembles the Windows Update screen, albeit in a suspicious font, tells users to “update” the computer and use the Run command when the update “completes.”

How the Windows Update Wrecks Your Computer

ClickFix installs infostealing malware such as LummaC2 and Rhadamanthys on affected systems. The malware uses steganography – a method of hiding data within another file or other forms of data.

Andy Edser of PCGamer explained,

“Pressing Enter activates a PowerShell command, which in turn decrypts and loads a sequence of reflective .NET assemblies used for process injection.
After a convoluted sequence of evasion tactics, a .png file containing shellcode is reconstructed, eventually installing an infostealer variant. It’s a remarkably involved process, all begun by the user kicking off the main sequence of events themselves.”

Experts say that legitimate Windows Update screens will never ask you to copy and paste anything into the Run prompt. Also, keeping Windows updated is the best way to prevent hackers' attempts to hijack your computer.
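
Because the lure depends on the victim pasting a command into the Run prompt, that dialog's per-user history is worth checking when a machine may have been affected. The PowerShell below is an added example, not code from this article or the researchers it quotes; it reads the current user's Run history (the RunMRU registry key) and flags entries that start a script interpreter. The pattern list and function names are illustrative assumptions.

```powershell
# Added example: triage the current user's Run dialog history (RunMRU).
# The pattern list is an assumption for illustration; tune it for your environment.
$RunMruPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'

# Interpreters and options that ordinary users rarely type into the Run prompt.
$SuspiciousPatterns = @(
    'powershell', 'pwsh', 'mshta', 'cmd(\.exe)?\s+/c',
    '-enc', '-w(indowstyle)?\s+hidden', 'frombase64string',
    'invoke-expression', '\biex\b', 'https?://'
)

function Test-RunCommand {
    param([Parameter(Mandatory)][string]$Command)
    # Return every pattern the command matches (-match is case-insensitive).
    $SuspiciousPatterns | Where-Object { $Command -match $_ }
}

function Get-RunMruFinding {
    param([string]$Path = $RunMruPath)
    if (-not (Test-Path -Path $Path)) { return }      # Run prompt never used
    $key = Get-Item -Path $Path
    foreach ($name in $key.GetValueNames()) {
        if ($name -eq 'MRUList') { continue }          # ordering string, not a command
        # Entries are stored as "<command>\1"; strip the trailing marker.
        $command = ([string]$key.GetValue($name)) -replace '\\1$', ''
        $hits = @(Test-RunCommand -Command $command)
        if ($hits.Count -gt 0) {
            [pscustomobject]@{
                Entry   = $name
                Command = $command
                Matched = $hits -join ', '
            }
        }
    }
}

# Constructed sample strings (not from a real incident) showing the matcher.
$samples = @(
    'notepad',
    'powershell -WindowStyle Hidden -Command "<placeholder>"'
)
foreach ($s in $samples) {
    $m = @(Test-RunCommand -Command $s)
    '{0,-60} flagged={1}' -f $s, ($m.Count -gt 0)
}

# Review anything the real history returns.
Get-RunMruFinding | Format-List
```

An empty result only means nothing matched in this user's saved history; the list is per user and can be cleared.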

What is Social Engineering?

Social engineering is a method of manipulating people into revealing confidential information or performing actions that compromise security. According to the U.S. Department of State,

“Attackers employ social engineering to elicit human emotions and exploit system vulnerabilities…Attackers use a variety of ‘social’ platforms and methods to impose deceptive tactics on unsuspecting victims, thereby encouraging and coercing those victims to disclose sensitive data and credentials, as well as access to devices, digital information, and facilities.”

The Department of State adds,

“Attackers know that unfettered emotions such as fear, curiosity, panic, anger, and frustration have the power to cause human error. They understand that, left unrestrained, those emotions often cause us to react without first considering the consequences. Private data is their target; your mind and behaviors are their prey.”
