June 7, 2023

The Magniber ransomware is spreading via fake Windows 10 updates in its latest campaign. In 2021 the Magniber operators used the PrintNightmare exploit to infect victims, and in January 2022 the ransomware was being distributed through fake Microsoft Edge and Chrome browser updates.

This new report comes via BleepingComputer, which noticed a large number of user reports of this infection from people worldwide. The malicious installers are made to look like legitimate updates, and some even carry fake knowledge base (KB) IDs in their filenames. Here are some of the fake update filenames:

  • Win10.0_System_Upgrade_Software.msi
  • Security_Upgrade_Software_Win10.0.msi
  • System.Upgrade.Win10.0-KB47287134.msi
  • System.Upgrade.Win10.0-KB82260712.msi
  • System.Upgrade.Win10.0-KB18062410.msi
  • System.Upgrade.Win10.0-KB66846525.msi

These malicious updates are being spread via warez and piracy websites. Here is one such example:

Once the malicious installer runs, it deletes the Volume Shadow Copies of the drives it encrypts, so that the files cannot be restored from local snapshots, and drops a "README" HTML file containing the ransom note.
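The shadow-copy deletion is the step worth alerting on: it happens before the ransom note appears and is rare in normal activity. Below is an added PowerShell example (not from the article or from BleepingComputer's report) that flags process command lines which delete or disable Volume Shadow Copies. The article does not say which command Magniber runs, so the regex patterns, the function name Test-ShadowCopyDeletion and the sample command lines are assumptions and constructed input; they cover the commands ransomware families commonly use for this step.

```powershell
# Added example: flag process command lines that delete or disable Volume Shadow
# Copies, the step described in the article. The article does not say which
# command Magniber uses; the patterns below cover the commands ransomware
# families commonly use and are an assumption, as is the function name.
function Test-ShadowCopyDeletion {
    param([Parameter(Mandatory)][string]$CommandLine)
    $patterns = @(
        'vssadmin(\.exe)?\s+delete\s+shadows',                                   # vssadmin delete shadows /all /quiet
        'vssadmin(\.exe)?\s+resize\s+shadowstorage',                             # shrinks storage so old snapshots are purged
        'wmic(\.exe)?\s+shadowcopy\s+delete',                                    # WMI shortcut for the same thing
        'Win32_ShadowCopy.*(Remove-WmiObject|Remove-CimInstance|\.Delete\(\))',  # PowerShell via WMI/CIM
        'wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)',                # Windows Backup catalog removal
        'bcdedit(\.exe)?\s+.*recoveryenabled\s+no'                               # disables the Recovery Environment
    )
    foreach ($p in $patterns) {
        if ($CommandLine -imatch $p) { return $p }   # return the pattern that fired
    }
    return $null                                      # nothing suspicious in this command line
}

# Constructed sample command lines standing in for Sysmon Event ID 1 / Security 4688 records.
$samples = @(
    'C:\Windows\System32\vssadmin.exe delete shadows /all /quiet',
    'wmic.exe shadowcopy delete',
    'powershell.exe -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"',
    'C:\Windows\System32\vssadmin.exe list shadows',
    'msiexec.exe /i C:\Users\victim\Downloads\System.Upgrade.Win10.0-KB47287134.msi /qn'
)
foreach ($s in $samples) {
    $hit = Test-ShadowCopyDeletion -CommandLine $s
    $verdict = if ($hit) { "ALERT ($hit)" } else { 'ok' }
    "{0,-12} {1}" -f $verdict, $s
}

# On a live host with Sysmon installed, run the same test over process-creation
# events (Sysmon exposes CommandLine as a named Data element in the event XML):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1 } |
#     ForEach-Object {
#         $cmd = (([xml]$_.ToXml()).Event.EventData.Data | Where-Object Name -eq 'CommandLine').'#text'
#         if (Test-ShadowCopyDeletion -CommandLine $cmd) {
#             $_ | Select-Object TimeCreated, @{ n = 'CommandLine'; e = { $cmd } }
#         }
#     }
```

Only the first three sample lines should fire; `vssadmin list shadows` and the msiexec launch of the fake update are legitimate-looking on their own, which is the point: the installer itself looks like any other .msi, so the shadow-copy deletion that follows is the better signal.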

On the ransomware payment site, the attackers demand about $2,600 (0.068 BTC), and the ransom doubles if it is not paid within five days.

To protect yourself from this campaign, do not download Windows updates from unofficial sources; install them through Windows Update in Settings. If you need a standalone update, get it from the Microsoft Update Catalog website, where packages are delivered as Microsoft-signed .msu or .cab files, not as .msi installers like the ones listed above.
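For anyone who has already downloaded a file that claims to be a Windows update, here is an added PowerShell check (not from the article) that compares it against what a genuine Microsoft update looks like: the extension, the length of the KB number, and the Authenticode signature. The function name Test-WindowsUpdateFile is an assumption; the two filenames at the bottom are the fake ones from the article, run offline so only the name-based checks apply.

```powershell
# Added example, not from the original article. Vets a downloaded "update" file
# before it is run:
#  - standalone Windows updates from the Microsoft Update Catalog ship as .msu or .cab, not .msi
#  - Microsoft KB numbers have at most seven digits; the fake names above use eight
#  - a genuine package carries a valid Authenticode signature from Microsoft Corporation
function Test-WindowsUpdateFile {
    param([Parameter(Mandatory)][string]$Path)
    $result = [ordered]@{ Path = $Path; Findings = @() }
    $name = [System.IO.Path]::GetFileName($Path)
    $ext  = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()

    if ($ext -notin '.msu', '.cab') {
        $result.Findings += "extension '$ext' is not .msu/.cab; Windows updates are not delivered as $ext"
    }
    if ($name -match 'KB(\d+)' -and $Matches[1].Length -gt 7) {
        $result.Findings += "KB$($Matches[1]) has more digits than any Microsoft KB number"
    }
    if (Test-Path -LiteralPath $Path) {
        # Signature checks only make sense on a file that is actually present.
        $sig = Get-AuthenticodeSignature -LiteralPath $Path
        if ($sig.Status -ne 'Valid') {
            $result.Findings += "Authenticode signature status is '$($sig.Status)'"
        } elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $result.Findings += "signed, but by '$($sig.SignerCertificate.Subject)' rather than Microsoft"
        }
    } else {
        $result.Findings += 'file not present; only name-based checks were run'
    }

    $result.Verdict = if ($result.Findings.Count -eq 0) { 'looks like a genuine update' } else { 'do not run' }
    [pscustomobject]$result
}

# The fake names from the article (constructed paths, no file on disk):
'System.Upgrade.Win10.0-KB47287134.msi', 'Win10.0_System_Upgrade_Software.msi' |
    ForEach-Object { Test-WindowsUpdateFile -Path $_ } | Format-List
```

A valid Microsoft signature on an .msi does not make it a Windows update either; the extension check is there precisely because the campaign relies on users accepting an installer format that Windows Update never uses.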
