Fake Windows 10 updates are reportedly being used to spread the Magniber ransomware strain.
Ransomware continues to plague consumers and businesses, but Magniber seems to be targeting mostly students and other non-professional users, according to Bleeping Computer.
Based on the Magnitude exploit kit, the strain first appeared in 2017 as a successor to Cerber and, at the time, was almost exclusively targeting South Korean users.
Initially, Magniber targeted users who were still using Internet Explorer. The ransomware gang then expanded the scope of its operations to infect systems in China, Taiwan, Hong Kong, Singapore and Malaysia.
Malicious Windows 10 updates
These harmful fake Windows 10 updates are distributed with names like Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi via platforms such as crack sites, posing as legitimate cumulative or security updates.
Magniber generates a README.html document in each folder it encrypts. The documents then redirect users to Magniber's Tor payment site, which is called "My Decryptor".
The cybercriminals' website kindly lets users decrypt one file at no cost and tells them which cryptocurrency address to send coins to if they decide to pay the ransom. It also offers options to contact its "support team", according to the sources.
Ransom demands tend to be around €2500 or 0.068 bitcoins, Bleeping Computer suggests. There is currently no known way to decrypt files encrypted by the Magniber ransomware strain for free.
Fake software updaters, covering everything from anti-virus software to Flash Player updates, have been a popular method for years to trick users into downloading malware, the combination of threat and urgency effectively fooling users.
For example, cybersecurity researchers at MalwareHunterTeam recently identified an SMS phishing campaign in which Android users receive an SMS claiming that a video download they started could not be completed without a Flash Player update.
The same SMS message provides a link to where the "update" can be found, which instead directs victims to the Android banking Trojan FluBot, which steals login credentials by overlaying the apps of many global banks.
Via Bleeping Computer