This malware tool is still successfully exploiting Internet Explorer vulnerabilities

The notorious exploit-as-a-service RIG Exploit Kit, targeting users of the positively ancient, vulnerability-ridden web browser Internet Explorer, is still going strong, experts have warned.

Per a report by security research firm Prodaft, installs of the kit are attempting around 2,000 intrusions a day, and succeeding 30% of the time, allowing it to spread infostealers and other forms of malware to users in over 207 countries.

Despite warning against the rise of cybercrime-as-a-service in 2022’s Microsoft Digital Defence Report, and RIG being known to also distribute ransomware, millions of users (mostly in enterprise) just won’t stop using Windows Explorer, having apparently no regard for data privacy.

Update your browser, please God

Internet Explorer has been old news since around 2015, when the now Chromium-based Edge was put into development, and has been completely deprecated since August 2021.

And in February 2023, Microsoft announced that it’s finally getting around to scrubbing every last bit of it from existence, such an embarrassment it is in this day and age, and making you use Edge anyway (although you can still do a lot better).

We keep writing about it, and we keep getting emails from burgeoning violent criminals swearing at us over why we bother doling out security posture advice for businesses at all. (Hugs and kisses to all our readership, even if they’ve fled an institution. xox)

But, do you know what, we’re going to do it again: buy new laptops running Windows 11, and enjoy all the advancements in UI that have come on in the last 28 years, you wanton maniac.

And then maybe you won’t have to keep a straight face in front of IT when threat actors known only as “Bean Meme Gang” steal the private medical records of a million people, and we could write about something else.

Via BleepingComputer

TechRadar – All the latest technology news


Warning: this fake Windows 11 upgrade is filled with malware

Security researchers have found a fake Windows 11 upgrade website that promises to offer a free Windows 11 install for PCs that don’t meet the minimum specifications, but actually installs data-stealing malware.

Windows 11 has some… interesting… requirements to run, and its most famous demand is for Trusted Platform Module (TPM) version 2.0 support. This has led to perfectly capable, and powerful, PCs and laptops being unable to upgrade to Windows 11, as they did not meet the minimum specifications.

Understandably, this annoyed people with relatively new hardware that couldn’t upgrade to the latest version of Windows, and many looked at ways of circumventing the TPM 2.0 requirement to install Windows 11 on their unsupported devices.

It’s these people that this new threat is targeting, as Bleeping Computer reports.

Looking legitimate

While the website’s address (URL) should be a red flag (we won't mention it here), as it’s clearly not a Microsoft website, the actual website itself does look like it’s an official Microsoft website, using logos and artwork that make it difficult to tell it apart from a real Microsoft page.

However, as security researchers CloudSEK discovered by clicking the ‘Download now’ button, the website downloads an ISO file that contains malware.

This malware, called ‘Inno Stealer’, uses a part of the Windows installer to create temporary files on an infected PC. These create processes that run and place four additional files on your PC, some of which contain scripts that disable various security features, including in the Windows registry. They also tweak the built-in Windows Defender anti-virus, and remove other security products from Emsisoft and ESET.

Other files then run commands at the highest system privileges, while yet another file is created in the C:\Users\AppData\Roaming\Windows11InstallationAssistant folder, and it’s this file that contains the data-stealing code, named Windows11InstallationAssistant.scr. This then takes information from web browsers, as well as cryptocurrency wallets, stored passwords and files from the PC itself. This stolen data is then sent to the malicious users who created the malware.

Pretty nasty stuff.
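As an added example (not code from TechRadar, CloudSEK or BleepingComputer), the folder and file names reported above can be turned into a simple hunt over file-path telemetry. The "host,path" record format, the host names and the sample paths are constructed, and the per-user layout `C:\Users\<user>\AppData\Roaming` is an assumption.

```python
from pathlib import PureWindowsPath

# Names taken from the article; compared in lower case because Windows
# paths are case-insensitive.
IOC_DIR = "windows11installationassistant"
IOC_FILE = "windows11installationassistant.scr"


def classify(path):
    """Return 'ioc-file', 'ioc-folder' or 'clean' for one Windows path."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    # Slide a three-component window looking for
    # ...\AppData\Roaming\Windows11InstallationAssistant\...
    for i in range(len(parts) - 2):
        if parts[i:i + 3] == ["appdata", "roaming", IOC_DIR]:
            rest = parts[i + 3:]
            if rest and rest[-1] == IOC_FILE:
                return "ioc-file"    # the reported .scr stealer payload
            return "ioc-folder"      # the folder itself, or another file in it
    return "clean"


# Constructed sample records ("host,path"), not data from the report.
SAMPLE = r"""
pc-01,C:\Users\alice\AppData\Roaming\Windows11InstallationAssistant\Windows11InstallationAssistant.scr
pc-02,c:\users\bob\appdata\roaming\WINDOWS11INSTALLATIONASSISTANT\tmp.dat
pc-03,C:\Users\carol\Downloads\Windows11InstallationAssistant.exe
pc-04,C:\Users\dave\AppData\Roaming\Mozilla\profiles.ini
"""


def hunt(records):
    """Return (host, verdict) for every record that matches the indicator."""
    hits = []
    for line in records.strip().splitlines():
        host, _, path = line.partition(",")
        verdict = classify(path.strip())
        if verdict != "clean":
            hits.append((host.strip(), verdict))
    return hits


if __name__ == "__main__":
    for host, verdict in hunt(SAMPLE):
        print(host, verdict)
```

A same-named file outside the Roaming folder (pc-03) is deliberately not flagged, since only the folder location comes from the report.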


Analysis: Be careful what you wish for

The scale of the infection here, and what it’s able to steal from you, is very scary, but the good news is that it’s easy to avoid.

No matter how desperate you are to install Windows 11, you should only download ISO files from sources you are absolutely certain are legitimate. While the makers of this malware have put in a lot of work to make the website look legitimate (like many so-called ‘phishing’ attacks), there are some tell-tale signs, such as the aforementioned URL, which highlights that this is not a genuine Microsoft website.

If your PC is eligible for a Windows 11 upgrade, you’ll be alerted via Windows Update, a tool that’s built into Windows operating systems. This is the safest way to ensure you are downloading and installing a genuine copy of Windows 11.

If your PC isn’t eligible, due to not meeting the TPM 2.0 requirements, then there are some safer ways to install Windows 11 without TPM anyway. But we don’t really recommend any of them, especially as Microsoft is making it harder to run Windows 11 on unsupported systems, which could mean you miss out on important updates, security fixes and features in the future.

Above all, however, you should never attempt to download and install a Windows 11 ISO file from any website that isn’t run by Microsoft itself.
