Threat Watch

Fake Windows 10 Updates Infect Devices with Magniber Ransomware

Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month. Over the past few days, researchers at BleepingComputer have received a surge of requests for help regarding a ransomware infection targeting users worldwide. While researching the campaign, researchers discovered a topic in the forums where readers report becoming infected by the Magniber ransomware after installing what is believed to be a Windows 10 cumulative or security update. These updates are distributed under various names, with Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi being the most common. Other downloads pretend to be Windows 10 cumulative updates, using fake knowledge base articles, as shown below.

System.Upgrade.Win10.0-KB47287134.msi

System.Upgrade.Win10.0-KB82260712.msi

System.Upgrade.Win10.0-KB18062410.msi

System.Upgrade.Win10.0-KB66846525.msi
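The file names above can be turned into a quick triage check over process-creation command lines. This is an added example, not code from BleepingComputer or from this brief; the event tuples, host names and the generalized "any KB number" pattern are assumptions made for illustration.

```python
import ntpath
import re

# File names reported on this page for the fake-update campaign.
EXACT_NAMES = {
    "win10.0_system_upgrade_software.msi",
    "security_upgrade_software_win10.0.msi",
}
# Generalization (assumption): any KB number after the reported prefix.
KB_PATTERN = re.compile(r"^system\.upgrade\.win10\.0-kb\d+\.msi$")
# Pulls a quoted or unquoted .msi path out of a command line.
MSI_PATH = re.compile(r'"([^"]+\.msi)"|(\S+\.msi)\b', re.IGNORECASE)


def classify_msi(path):
    """Return a reason string if the file name matches the lure, else None."""
    name = ntpath.basename(path).lower()
    if name in EXACT_NAMES:
        return "exact lure name"
    if KB_PATTERN.match(name):
        return "fake KB naming pattern"
    return None


def triage(events):
    """events: iterable of (host, command_line). Returns flagged installs."""
    hits = []
    for host, cmdline in events:
        if "msiexec" not in cmdline.lower():
            continue
        for quoted, bare in MSI_PATH.findall(cmdline):
            path = quoted or bare
            reason = classify_msi(path)
            if reason:
                hits.append((host, ntpath.basename(path), reason))
    return hits


# Constructed sample events (not taken from the page or any real host).
SAMPLE_EVENTS = [
    ("ws-01", r'msiexec.exe /i "C:\Users\a\Downloads\System.Upgrade.Win10.0-KB47287134.msi"'),
    ("ws-02", r"MsiExec.exe /i C:\Temp\SECURITY_UPGRADE_SOFTWARE_WIN10.0.MSI /qn"),
    ("ws-03", r'msiexec.exe /i "C:\Installers\7z-x64.msi" /qn'),
    ("ws-04", r"wusa.exe C:\Updates\windows10.0-kb0000000-x64.msu /quiet"),
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```

File names are trivially changed by the distributor, so a match is a lead for investigation and the absence of a match proves nothing.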

ANALYST NOTES

Aside from it being legally unwise to use pirated software of any kind in a business environment, sites for downloading pirated software are a common place for threat actors to plant trojanized versions of software. It is highly recommended to use a legitimate version of Windows and never download security updates from any source other than Microsoft.

https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/