Malware uses fake Windows update notifications

Infamous Emotet malware uses fake Windows update notifications to deceive victims.

The minds behind one of the most infamous malware families in the world are adopting new approaches to deceive potential victims. A new phishing campaign uses a fake Windows update alert to compromise victim systems.

The fraudulent emails do not mention anything about an upcoming update in the subject of the email or in the content itself. They follow the model of the phishing emails described in “cybercriminal handbooks”, which focus strongly on current topics such as COVID-19 or rely on tried and tested classics such as fake shipping notifications, invoices or applications.

Only when the attachment is opened is the future victim presented with a fake update notification. The following image was provided by the Bleeping Computer team and shows in detail what the new attack looks like.

Fake Windows Update

The reason for the new Windows update method can be found in the yellow bar that appears when opening the attachments. The Office family of products has built-in security mechanisms to protect the user from harmful email attachments. The “Protected View” warning shown in the image is one of these mechanisms. In this case, the warning is clear: the attached files and documents may contain viruses. However, the system has not yet been infected at this point. An infection with Emotet only follows when “Protected View” is switched off manually and the document is switched to edit mode. The hackers achieve this through social engineering. The goal is to make the file look so credible that the unsuspecting victim presses the “Enable Editing” button. As is often the case with such fraudulent emails, a critical eye and a second reading can ensure that the fraud is detected. In addition to the spelling errors (it should be “upgraded” and not “upgrade”), Microsoft will never notify users about Office upgrades. Normally, only a message in the program itself informs users about available updates.

The first step in the fight against this type of malware is to remain vigilant and learn to recognize threats. Small differences in design or choice of words make the difference between harmless updates and dangerous malware.
