A fake Microsoft support website is tricking people into downloading what looks like a normal Windows update. Instead, it installs malware designed to steal passwords, payment details, and account access. Because the file looks legitimate and avoids detection, it can slip past both users and security tools.
Malwarebytes Labs researchers spotted the campaign at microsoft-update[.]support, a typosquatted domain dressed up to look like an official Microsoft support page. The site is written entirely in French (but these campaigns tend to spread quickly) and presents a fake cumulative update for Windows version 24H2, complete with a plausible KB article number. A large blue download button invites users to install the update.
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Android Zero-Day Bug Opens Door to Privilege Escalation Attack, Researchers Warn
September 4, 2019
Researchers are warning of a high-severity zero-day vulnerability in Google’s Android operating system, which if exploited could give a local attacker escalated privileges on a target’s device. The specific flaw exists within the v4l2 (Video4Linux 2) driver, which is the Android media driver. When exploited, a component within the v4l2 “does not validate the existence of ...
- Fraudsters use AI voice manipulation to steal £200,000
September 2, 2019
Cyber criminals have used artificial intelligence (AI) and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of $243,000 (£201,000). In March this year, what is believed to be an unknown hacker group is said to have exploited AI-powered software to mimic the prominent business leader’s voice to fool his subordinate, the CEO of ...
- Google finds malicious sites pushing iOS exploits for years
August 30, 2019
Security researchers at Google said they found malicious websites that served iPhone exploits for almost three years. The attacks weren’t aimed at particular iOS users, as most iOS exploits tend to be used, but were aimed at any user accessing these sites via an iPhone. “There was no target discrimination; simply visiting the hacked site was enough ...
- Hiding in Plain Text: Jenkins Plugin Vulnerabilities
August 30, 2019
Jenkins is a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably. In order to make the most out of Jenkins’ modular architecture, developers make use of plugins that help extend its core features, allowing them to expand the scripting capabilities of build steps. As of writing, there ...
- FIN6 Switches Up PoS Tactics to Target E-Commerce
August 29, 2019
The group is using the More_eggs JScript backdoor to anchor its attack. The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) ...
- Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw
August 29, 2019
Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login ...