Fake Windows Upgrade Website Delivering Information Stealer Malware

    Cybercriminals are becoming more cunning in delivering their malware and viruses. Since the COVID-19 pandemic began, cybercriminals have teamed up. Their attacks on big and small companies and on individuals have increased. 

    Many chose remote working as their new way to work online. Many people have suffered from hacks and data breaches, and so, in turn, have the companies they worked for. Phishing websites are now a favorite method for hackers to infiltrate PCs. 

    Promotional items, for example, are often used to steal victims’ credentials once they reveal their information. However, CloudSEK researchers have recently uncovered a multi-stage information stealer malware that targets Windows users. 

    This new malware can steal browser information, crypto wallets, and more from users. The malware is deployed on victims’ PCs masquerading as a Windows 11 upgrade ISO file. The malware is part of a fraudulent campaign that uses fake domains to host the payload. 

    Fake Windows upgrade malware 

    Windows 11 has been the latest major Microsoft Windows operating system since October 2021. Even when the new OS upgrade was in its beta stages, cybercriminals targeted victims. They conducted such attacks by offering Windows 11 upgrades. 

    At the end of 2021, a Windows 11-themed malware campaign was discovered by a security firm. However, this isn’t the first time malware has posed as a Windows upgrade. A couple of years ago, many cybercriminals would email their victims about an upgrade to Windows 10. 

    They would offer such upgrades for free. Such emails contained attachments where ransomware and other malware were present. These viruses were activated once the victim opened the attached files. 

    The latest Windows Upgrade malware uncovered by CloudSEK has been disassembled. The researchers reverse-engineered the malware to understand its installation and payload injection better. 

    Researchers discovered that the new Windows 11 malware was built using the Delphi programming language. The binary used by cybercriminals is coded in Visual Basic before being converted into executables.

    An open-source Batch obfuscator is employed to hide the malware, while the attackers used the Inno Setup 6.1.0 installer. A fake domain hosting Windows 11 upgrades was used to deploy the stealer malware on unsuspecting victims. 

    How did the malware find its way to users?

    Cybercriminals used SEO to make their fake domain hosting Windows 11 upgrades appear in search engines more easily. Anyone searching for such updates was highly likely to find this website and install the fake Windows updates. 

    The crypto stealer malware would steal personal information from its victims, such as browser data and crypto-wallet data. The data would then be sent to a C2 server, most likely created by the same hackers. These cybercriminals would most likely sell their victims’ data to third parties or use the information in other ways. 

    Microsoft officials stated that Windows 11 would continue to upgrade its security in the future. However, both remote working employees and individuals are still vulnerable to cyberattacks. 

    Protecting yourself online 

    Even though cyberattacks are on the rise, it doesn’t mean you can’t stay protected online. Many attacks are successful due to people’s unawareness rather than poor cybersecurity tools. However, combining cybersecurity knowledge and tools is essential in protecting your online data. Here is what you can do: 

    Inform employees 

    Many companies should actively train their employees in cybersecurity best practices. Employees need to understand what is at stake, how cybercriminals target victims, and what tactics they use. You can raise awareness and avoid costly mistakes through routine cybersecurity training sessions. The weakest cybersecurity link for your business will always be the human factor. 

    Use a VPN 

    Consider using VPNs while you browse online. A VPN is a virtual private network that protects you from prying eyes. You can disguise your IP with a fake one, gaining privacy and online protection. 

    Depending on the VPN provider, you can also benefit from other features to enhance your online privacy and cybersecurity. With a VPN, you can also use public WiFi connections more securely, as it will hide your data. A VPN, according to the NordVPN Wikipedia page, can even hide your online data from your internet provider or even the government.

    Avoid pirating online 

    Many games, movies, and software are accessible online. However, you should avoid pirating them, as any of these files can have malware attached. Sometimes, you can get crypto-mining malware, which is difficult to remove and raises your electricity bills. 

    In other cases, you can face ransomware attacks. In this scenario, the malware will hold your data hostage until a payment is made. You might be able to get back your data without paying. However, it is a complex procedure as well. 

    Update from official sources 

    Never update your OS or other software from third parties. Always go with the official manufacturer’s website if you want to update anything on your PC.

    You must follow the tips described above in order to strengthen your online safety and security.


