Fake Windows 10 updates are used to spread the Magniber Ransomware strain, reports suggest.
Ransomware continues to plague consumers and businesses, but Magniber appears to primarily target students and other non-professional users, according to BleepingComputer.
Based on the Magnitude exploit kit, the strain first appeared in 2017 as a successor to Cerber, and at the time almost exclusively targeted South Korean users.
Initially, Magniber targeted users who were still using Internet Explorer. The ransomware gang then expanded the scope of its operations to infect systems in China, Taiwan, Hong Kong, Singapore, and Malaysia.
Malicious Windows 10 Updates
These harmful fake Windows 10 updates are distributed under names like Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi via platforms like crack sites, posing as legitimate cumulative or security updates.
Magniber produces a README.html document in each folder it encrypts. The documents then redirect users to Magniber’s Tor payment site, called “My Decryptor”.
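A triage sketch for the two indicators described above, added here as an example and not taken from the original report: it scans a file listing for installer names resembling the reported lures and for README.html notes repeated across folders. The function name `triage`, the name-matching heuristic and the folder threshold are assumptions; README.html is a common legitimate file name, so only repetition across many folders is treated as a signal.

```python
import re
from pathlib import PureWindowsPath

# Heuristic generalised from the two installer names reported on this page
# (assumption): an .msi whose name mentions both "Win10" and "Upgrade_Software".
LURE_MSI = re.compile(r"^(?=.*win10)(?=.*upgrade_software).*\.msi$", re.IGNORECASE)
NOTE_NAME = "readme.html"   # ransom note name given on this page
NOTE_DIR_THRESHOLD = 3      # assumption: same note in >= 3 folders is worth a look


def triage(paths, threshold=NOTE_DIR_THRESHOLD):
    """Classify a file listing given as Windows-style path strings."""
    lures, note_dirs = [], set()
    for raw in paths:
        p = PureWindowsPath(raw)
        if LURE_MSI.match(p.name):
            lures.append(raw)
        elif p.name.lower() == NOTE_NAME:
            note_dirs.add(str(p.parent))
    return {
        "lure_installers": lures,
        "note_dirs": sorted(note_dirs),
        # A single README.html is unremarkable; the same note in many
        # folders matches the "one note per encrypted folder" behaviour.
        "widespread_notes": len(note_dirs) >= threshold,
    }


# Constructed sample listing, not taken from a real incident.
SAMPLE = [
    r"C:\Users\kim\Downloads\Win10.0_System_Upgrade_Software.msi",
    r"C:\Users\kim\Downloads\python-3.12.1-amd64.msi",
    r"C:\Users\kim\Documents\README.html",
    r"C:\Users\kim\Documents\thesis\README.html",
    r"C:\Users\kim\Pictures\README.html",
    r"C:\Users\kim\Documents\thesis\chapter1.docx",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```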
The cybercriminals' website lets users decrypt one file at no cost and shows which cryptocurrency address to send coins to if they decide to pay the ransom. It also offers options to contact its “support team”, according to the sources.
Ransom demands tend to be around $2,500 or 0.068 bitcoin, BleepingComputer suggests. There is currently no known way to decrypt files encrypted by the Magniber ransomware strain for free.
Fake software updates, covering everything from anti-virus software to Flash Player updates, have been a popular method of tricking users into downloading malware for years, with the combination of threat and urgency effectively fooling users.
For example, cybersecurity researchers at MalwareHunterTeam recently identified an SMS phishing campaign in which Android users receive an SMS claiming that a video download they started could not be completed without an update of Flash Player.
The same SMS message provides a link to where the “update” can be found, which instead directs victims to the FluBot Android banking trojan, which steals login credentials by overlaying the apps of many global banks.
Via BleepingComputer