Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Warning: Ransomware is spreading through fake malicious Windows updates
International security researchers have just made an urgent announcement about a campaign to spread ransomware through fake Windows 10 updates.
Named Magniber, this dangerous ransomware strain has been around on the internet for a while, and ranks in the dangerous group with its diverse infectivity. Back in 2021, Magniber was used by a group of malicious actors in the infamous PrintNightmare exploit campaign. As recently as January 2022, this ransomware strain was also recorded spreading through Microsoft Edge and Chrome at a rapid rate.
According to the latest report from, this new Magniber infection campaign does not seem to be limited to a specific region or territory. There have been a series of recorded cases of infection scattered in many countries around the world. The common feature is that malicious code is implanted in malicious Windows 10 updates, but designed to look like the real thing, and some of them even have a fake ID knowledge base (KB) attached to increase the theory. dress. Reported instances of fake updates include:
- Win10.0_System_Upgrade_Software.msi
- Security_Upgrade_Software_Win10.0.msi
- System.Upgrade.Win10.0-KB47287134.msi
- System.Upgrade.Win10.0-KB82260712.msi
- System.Upgrade.Win10.0-KB18062410.msi
- System.Upgrade.Win10.0-KB66846525.msi
These malicious updates are being spread unlimitedly via pirated, fake websites. Such as in the screenshot below.
Warning: Ransomware is spreading through fake malicious Windows updates Picture 1
After successfully infecting malicious files are installed on the victim's system, they will continue to delete backups of encrypted drives and generate a "README" HTML file containing a ransom note (recognized by the victim). shown in the image below):
Warning: Ransomware is spreading through fake malicious Windows updates Picture 2 
Warning: Ransomware is spreading through fake malicious Windows updates Picture 3
On the ransom payment website, the malicious actor will ask the victim to pay around 2,600 USD or 0.068 bitcoin (BTC) to get back the encrypted data. The ransom will double if the victim does not pay after 5 days.
Warning: Ransomware is spreading through fake malicious Windows updates Picture 4
To protect yourself from Magniber and a similar infection campaign, it's best to stay away from unofficial sources of Windows update downloads. Instead, download new updates from Windows Update itself. Alternatively, you can also search for standalone updates on the Microsoft Update Catalog website.
Jessica TannerYou should read it
- 7 kinds of ransomware you didn't expect
- List of the 3 most dangerous and scary Ransomware viruses
- Ransomware can encrypt cloud data
- General guidelines for decoding ransomware
- What is Ransomware Task Force (RTF)?
- [Infographic] 7 effective ways to protect businesses from Ransomware
- How to decode ransomware InsaneCrypt (Everbe 1.0)
- Why is Ransomware the perfect hack?
- Learn about Ransomware: 6 ransomware on computers
- Detecting two unusual versions of ransomware, shows that the world of ransomware has become diversified
- What is Fargo Ransomware? How to avoid?
- Warning: Quantum Ransomware is being rapidly deployed in lightning attacks
Maybe you are interested
Microsoft makes major improvements to Windows Update, updates will be installed much faster
Windows updates constantly, why?
Roundup of new Chrome features and security updates
Scammers are using fake Windows updates to steal users' files
Microsoft updates a series of useful new features for Windows Sandbox
List of Samsung smartphones eligible for Android updates within the next 3 to 7 years
Attack the network
Warning: Quantum Ransomware is being rapidly deployed in lightning attacks- HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
- Notorious hacker group Hafnium deployed malicious code to target Windows, Microsoft stood still
- New banking malware discovered that can remotely control Android devices
- Malware spreads through crack software specializing in stealing Facebook, Instagram, and Twitter accounts
- VMware patches RCE Spring4Shell vulnerability on a wide range of products
Warning: Quantum Ransomware is being rapidly deployed in lightning attacks
HP publishes a series of critical vulnerabilities in the Teradici PCoIP protocol
Notorious hacker group Hafnium deployed malicious code to target Windows, Microsoft stood still
New banking malware discovered that can remotely control Android devices
Malware spreads through crack software specializing in stealing Facebook, Instagram, and Twitter accounts
VMware patches RCE Spring4Shell vulnerability on a wide range of products