A new malware campaign is under way: emails sent from a fake Microsoft address are pushing people to download a malicious Windows 10 “critical update”. Beware!
Spotted by computer security company Trustwave, the emails carry the subject line “Install Latest Microsoft Update now!” or “Critical Microsoft Windows Update!” The body is a single line that says “Please install the latest critical update from Microsoft attached to this mail”, and the mail comes with an attached file.
If you receive such an email, here are the steps you should take:
1. Delete the mail right away.
2. Write several post-it notes that say “Microsoft NEVER SENDS update notices via email” and place them around your home and on your loved ones’ computers.
How this malware works
The mail contains a jpg file that is actually not a picture but an executable .NET file that will infect your PC.
This executable will download a program called “bitcoingenerator.exe” which comes from misterbtc2020 — a GitHub account. But this bitcoin generator doesn’t generate any virtual riches: it’s a ransomware called Cyborg.
Cyborg will encrypt all your files, locking their contents and changing their extensions to 777. You will also find a text file on your desktop named “Cyborg_DECRYPT.txt”, containing instructions about how to recover your life — for a price.
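The disguise described above, a file presented as a jpg that is really a .NET executable, can be caught at the mail gateway by looking at the attachment's bytes instead of its name. The following is an added example, not code from Trustwave or from the original article; the function names and the sample file name `update.jpg` are assumptions, and the sample message is constructed.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

def sniff(data: bytes) -> str:
    """Classify content by its header bytes, ignoring the file name."""
    if data[:3] == b"\xff\xd8\xff":                  # JPEG start-of-image marker
        return "jpeg"
    if data[:2] != b"MZ" or len(data) < 0x40:        # DOS header of a Windows executable
        return "unknown"
    pe = struct.unpack_from("<I", data, 0x3C)[0]     # e_lfanew: offset of the PE header
    if data[pe:pe + 4] != b"PE\0\0":
        return "unknown"
    opt = pe + 24                                    # optional header follows the COFF header
    magic = data[opt:opt + 2]                        # 0x10B = PE32, 0x20B = PE32+
    if magic not in (b"\x0b\x01", b"\x0b\x02"):
        return "pe"
    dirs = opt + (96 if magic == b"\x0b\x01" else 112)   # start of the data directories
    clr = dirs + 14 * 8                              # entry 14 is the CLR (.NET) header
    if len(data) < clr + 8 or struct.unpack_from("<I", data, dirs - 4)[0] <= 14:
        return "pe"
    return "dotnet-pe" if struct.unpack_from("<II", data, clr) != (0, 0) else "pe"

def disguised_attachments(raw: bytes) -> list:
    """Return (filename, real_type) for attachments named like JPEGs that are not JPEGs."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        kind = sniff(part.get_payload(decode=True) or b"")
        if name.endswith((".jpg", ".jpeg")) and kind != "jpeg":
            hits.append((name, kind))
    return hits

def build_sample() -> bytes:
    """Constructed message: a header-only PE stub with a CLR entry, named update.jpg."""
    stub = bytearray(0x200)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)
    stub[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", stub, opt, 0x10B)                 # PE32
    struct.pack_into("<I", stub, opt + 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", stub, opt + 96 + 14 * 8, 0x2008, 0x48)
    m = EmailMessage()
    m.set_content("Please install the latest critical update from Microsoft attached to this mail")
    m.add_attachment(bytes(stub), maintype="image", subtype="jpeg", filename="update.jpg")
    return m.as_bytes()

print(disguised_attachments(build_sample()))
```

A gateway rule built on this would quarantine any message for which `disguised_attachments` returns a non-empty list, whatever the sender address claims.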
According to Trustwave, there are four variants of this malicious software. Following the trail, they reached Russia. Because, of course, it was going to be Russia.
Trustwave says this is a real danger to businesses and individuals alike, with the capacity to be attached to other emails and evade any gateway controls.
With that in mind, it’s good to remember to always distrust any mails you get, even if you think they come from a trustworthy source, and never blindly click on something you didn’t ask for — even if you have the best antivirus software installed. You never know when the next malware will hit.