Don’t Hit That Update Button Just Yet, It Could Lead to Malware Infection





Microsoft regularly pushes out updates, and sometimes upgrades, for its software to strengthen security and fix bugs. It is also common, though, to see news about threat actors taking advantage of the huge Windows user base by rolling out updates that are actually malware in disguise.

We got wind of just such a malware attack targeting Windows 11 users. Disguised as updates, the malware connected to this threat put affected users at risk of having their saved browser data, computer files, and crypto wallets stolen.[1] Using one domain and one IP address identified as indicators of compromise (IoCs) as jump-off points for our investigation,[2] we found:

  • Close to 200 possibly connected domains
  • Around 300 possibly connected subdomains
  • 85% of the possibly connected domains and subdomains were not owned by Microsoft even though they contained the Windows brand name
  • Windows 7 users were most at risk, as 13% of the suspicious domains contained the string “windows7”
  • Almost 200 possibly connected IP addresses, about a tenth of which were dubbed “malicious” by various malware engines

Download the threat research materials now to access a sampled list of identified artifacts used to conduct additional enrichment and threat analysis.

---

  • [1] https://www.hackread.com/beware-fake-windows-11-update-delivering-malware/#:~:text=According%20to%20researchers%2C%20the%20fake,pretty%20convincing%20to%20unsuspecting%20users.
  • [2] https://otx.alienvault.com/pulse/625fdfc069b64762bb5ea0ec