Warning: Ransomware is spreading through fake malicious Windows updates
International security researchers have just made an urgent announcement about a campaign to spread ransomware through fake Windows 10 updates.
Named Magniber, this ransomware strain has been circulating on the internet for some time and is considered particularly dangerous because of its varied infection vectors. Back in 2021, Magniber was used by a group of malicious actors in the infamous PrintNightmare exploit campaign. As recently as January 2022, this ransomware strain was also recorded spreading rapidly through Microsoft Edge and Chrome.
According to the latest report from, this new Magniber infection campaign does not appear to be limited to a specific region or territory; a series of infections has been recorded scattered across many countries. The common feature is that the malicious code is embedded in fake Windows 10 updates designed to look like the real thing, some of which even carry a fake Knowledge Base (KB) identifier to increase their credibility. Reported instances of fake updates include:
- Win10.0_System_Upgrade_Software.msi
- Security_Upgrade_Software_Win10.0.msi
- System.Upgrade.Win10.0-KB47287134.msi
- System.Upgrade.Win10.0-KB82260712.msi
- System.Upgrade.Win10.0-KB18062410.msi
- System.Upgrade.Win10.0-KB66846525.msi
These malicious updates are being spread widely via pirated-software and fake websites, as in the screenshot below.
Once the malicious files are installed on the victim's system, they proceed to delete backups of the encrypted drives and generate a "README" HTML file containing the ransom note for the victim (shown in the image below):
On the ransom payment website, the malicious actor will ask the victim to pay around 2,600 USD or 0.068 bitcoin (BTC) to get back the encrypted data. The ransom will double if the victim does not pay after 5 days.
To protect yourself from Magniber and similar infection campaigns, it is best to stay away from unofficial sources of Windows update downloads. Instead, install new updates through Windows Update itself. Alternatively, you can search for standalone updates on the Microsoft Update Catalog website.
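As an added example that is not part of the original article, the following PowerShell check verifies the Authenticode signature of a standalone update package before it is installed. It assumes the downloaded .msi paths are passed in as a parameter and that a genuine Microsoft-published package carries a valid signature whose certificate subject names Microsoft Corporation; a "KB" tag in the file name, as in the fake packages listed above, is deliberately not treated as evidence of authenticity.

```powershell
# Added example (not from the original article): report on update packages
# downloaded outside Windows Update before anything is run.
# Assumptions: $Paths are the downloaded files; a genuine package has Status
# 'Valid' and a signer certificate subject containing 'O=Microsoft Corporation'.
param(
    [Parameter(Mandatory = $true)]
    [string[]] $Paths
)

function Test-UpdatePackage {
    param([string] $Path)

    $name = [System.IO.Path]::GetFileName($Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ File = $name; KbTagInName = $false; SigStatus = 'FileNotFound'; Signer = '<none>'; Trusted = $false }
    }

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }

    # A "KBnnnnnn" tag in the name proves nothing: the fakes in the article carry one too.
    $hasKbTag = $name -match 'KB\d+'

    [pscustomobject]@{
        File        = $name
        KbTagInName = $hasKbTag
        SigStatus   = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
        Signer      = $signer
        Trusted     = ($sig.Status -eq 'Valid' -and $signer -like '*O=Microsoft Corporation*')
    }
}

$results = $Paths | ForEach-Object { Test-UpdatePackage -Path $_ }
$results | Format-Table -AutoSize

$untrusted = $results | Where-Object { -not $_.Trusted }
if ($untrusted) {
    Write-Warning ("Do not install: {0}. Obtain the update from Windows Update or the Microsoft Update Catalog instead." -f ($untrusted.File -join ', '))
    exit 1
}
```

Run it as `.\Test-UpdatePackage.ps1 -Paths .\System.Upgrade.Win10.0-KB47287134.msi`; an unsigned or non-Microsoft package is reported and the script exits non-zero so it can gate an installation step.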