Even though I've been immersed in all things tech for some time now, I'm not arrogant enough to think I'll never be caught out by a phishing email or downloading dodgy software.
That's especially true as online scams grow in sophistication—for instance, there's a fake Windows support page that tricks users into downloading password-stealing malware.
The fake support page alleges a 'cumulative update' for 'Windows Update version 24H2,' complete with a KB article number that's passable at a glance.
Anyone who actually hits the big blue 'Download the update' button will get a convincingly spoofed Windows Installer package.
Unfortunately, this download is actually malware that can hoover up "passwords, payment details, and account access", according to cybersecurity company Malwarebytes.
Even downloading the dodgy software may not raise alarm bells at first.
The suspicious package was built using WiX Toolset 4.0.0.5512, which Malwarebytes describes as "a legitimate open-source installer framework." The 83 MB package is called 'WindowsUpdate 1.0.0.msi,' with an Author field that reads "Microsoft," and a title of "Installation Database." The comments field also alleges that the file offers "the logic and data required to install WindowsUpdate."
So, that's how it escapes user notice—but it may also squeak past whatever anti-virus you have installed too.
"At the time of analysis, VirusTotal showed zero detections across 69 engines for the main executable and 62 for the VBS launcher.
No YARA rules matched, and behavioural scoring classified the activity as low risk," Malwarebytes reported.
"This is not a failure of any single tool.
It’s the intended result of the malware’s architecture."
Cracking this bad boy open, it becomes clear the package is flying under the radar due to an Electron shell obfuscating malicious JavaScript inside.
In other words, your PC's automatic defences will ding the outer Electron layer—which is a free and open-source software framework used by plenty of legitimate apps—and won't wade far enough in to uncover the suss script at its core.
I would admire such sneaky construction, were it not for all of the credential sniffing.
It's striking the lengths the scammers have gone to ensure this malicious page passes muster, but there is a key giveaway should you find yourself on this fake Windows website.
Specifically, you should keep your eyes peeled for the dodgy domain 'microsoft-update[.]support'; Microsoft's genuine support hub is found at 'support.microsoft.com'.
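The domain giveaway described above can be checked mechanically. This is an added example, not code from PC Gamer or Malwarebytes; the trusted-suffix list and the brand tokens are assumptions chosen for illustration, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption for this example: only microsoft.com and its subdomains are
# treated as genuine. Extend the tuple for other vendor-owned domains.
TRUSTED_SUFFIXES = ("microsoft.com",)
# Assumption: brand words whose presence in an untrusted host is suspicious.
BRAND_TOKENS = ("microsoft", "windows")


def extract_host(url: str) -> str:
    """Return the lowercase hostname of a URL, accepting defanged input."""
    url = url.strip().replace("[.]", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]          # undo hxxp/hxxps defanging
    if "://" not in url:
        url = "https://" + url          # bare hostnames need a scheme to parse
    try:
        # .hostname discards userinfo ("user@") and the port, so a link like
        # https://support.microsoft.com@other.example/ resolves to other.example
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def classify(url: str) -> str:
    """Classify a link as 'trusted', 'lookalike' or 'unrelated'."""
    host = extract_host(url)
    if not host:
        return "unrelated"
    for suffix in TRUSTED_SUFFIXES:
        # Compare on a label boundary so 'notmicrosoft.com' does not pass.
        if host == suffix or host.endswith("." + suffix):
            return "trusted"
    # A brand word inside a host outside the trusted set is the warning sign.
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links, written in defanged form where untrusted.
    for link in ("https://support.microsoft.com/en-us/windows",
                 "microsoft-update[.]support",
                 "https://support.microsoft.com@microsoft-update[.]support/"):
        print(f"{classify(link):10} {link}")
```

The comparison is made on the parsed hostname rather than the raw string, so a genuine-looking name placed before an `@` or used as a subdomain prefix of another domain is still classed as a lookalike.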
Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine.
When she’s not investigating all things hardware here, she's either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.
Source: This article was originally published by PC Gamer