These fake Windows 10 updates will land you with a ransomware infection

News
By published

Cybercriminals are smuggling malware inside fake Windows 10 updates

Man upset using a laptop
(Image credit: Shutterstock)

Fake Windows 10 updates are being used to spread the Magniber ransomware strain, reports suggest.

Ransomware continues to be a scourge for consumers and businesses alike, but Magniber mainly seems to be targeting students and other non-professional users, according to Bleeping Computer sources.

Based on the Magnitude exploit kit, the strain first appeared in 2017 as a successor to Cerber, and at the time almost exclusively targeted South Korean users.

Initially, Magniber targeted users who were still using Internet Explorer. The ransomware gang then expanded the scope of its operations to infecting systems in China, Taiwan, Hong Kong, Singapore, and Malaysia.

Malicious Windows 10 updates

These damaging fake Windows 10 updates are being distributed under names such as Win10.0_System_Upgrade_Software.msi and Security_Upgrade_Software_Win10.0.msi via platforms such as crack sites, posing as legitimate cumulative or security updates.

Magniber produces a README.html document in each folder which it encrypts. The documents then redirect users to Magniber’s Tor payment site, which is called 'My Decryptor'.

The cybercriminal ring’s website graciously provides users with one free file, which it will decrypt without charge, and allows users to find out which cryptocurrency address to send coins to if they decide to pay the ransom. It also provides options to contact its “support team'', according to the sources.

The ransomware demands tend to be around $2,500 or 0.068 bitcoin, Bleeping Computer suggests. There are not currently any known ways of decrypting files encrypted by the Magniber ransomware strain for free.

Read more

> Nasty WordPress plugin bug puts thousands of sites at risk

> Hackers have found a sneaky new way to infect Windows devices

> This spiteful ransomware strain is even more dangerous than most

Fake software updates, covering everything from antivirus software to Flash Player Updates, have been a consistently popular method of duping users into downloading malware for years, with the combination of threat and urgency effectively duping users. 

For example, cybersecurity researchers from MalwareHunterTeam recently identified an SMS phishing campaign whereby Android users receive a text message claiming that a video upload they started couldn’t be completed without an update to the Flash Player

The same SMS message provides a link to where the “update” can be found, which instead directs victims to Android banking trojan FluBot malware, which steals login information by overlaying many global banks.

Via Bleeping Computer 

Will McCurdy

Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.

Read more
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
These fake macOS updates are actually just looking to spread malware
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
Over 10,000 WordPress sites found showing fake Google browser update pages to spread malware
Representational image of a cybercriminal
Criminals are spreading malware disguised as DeepSeek AI
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
Fake Reddit sites found pushing Lumma Stealer malware
Latest in Security
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Multiple H3C Magic routers hit by critical severity remote command injection, with no fix in sight
An abstract image of a lock against a digital background, denoting cybersecurity.
Critical security flaw in Next.js could spell big trouble for JavaScript users
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Latest in News
Samsung Galaxy S25 from the front
The Now Bar on Samsung One UI 7 is about to get a lot more useful – and could soon match Live Activities on iOS
Marvel Rivals
Marvel Rivals will get two new hero skins for Moon Knight and Black Panther this week meaning I'll now need to farm even more Units
Netflix Ads
Netflix adds HDR10+ support – great news for Samsung TV owners, but don't expect LG and Sony to do the same any time soon
Klipsch Klipschorn AK7 in a room with lots of dark wood furniture and a bare brick wall
Klipsch just updated two of its most iconic stereo speaker designs, keeping these beautiful retro icons on your most-wanted list
FiiO FX17 IEMs
Our favorite budget audiophile brand unveils wired earbuds with 26(!) drivers, electrostatic units, USB-C ultra-Hi-Res Audio, and a not-so-budget price
Nvidia RTX 5080 against a yellow TechRadar background
RTX 5080 24GB version teased by MSI - is it time to admit that 16GB isn't enough for 4K?
More about security
Code Skull

Interpol operation arrests 300 suspects linked to African cybercrime rings
An abstract image of a lock against a digital background, denoting cybersecurity.

Critical security flaw in Next.js could spell big trouble for JavaScript users
Hisense U6N lowest price deal image with NBA player on screen on blue background

The Hisense U6N was one of the best budget TVs I tested in 2024, and it's just hit a record-low price in Amazon's Spring Sale
See more latest
Most Popular
Marvel Rivals
Marvel Rivals will get two new hero skins for Moon Knight and Black Panther this week meaning I'll now need to farm even more Units
Klipsch Klipschorn AK7 in a room with lots of dark wood furniture and a bare brick wall
Klipsch just updated two of its most iconic stereo speaker designs, keeping these beautiful retro icons on your most-wanted list
Samsung Galaxy S25 from the front
The Now Bar on Samsung One UI 7 is about to get a lot more useful – and could soon match Live Activities on iOS
A close up of the PlayStation symbol at the top of a PS5 Slim console with a white brick background
Sony has dropped a new PS5 update, improving activities and adding more emoji support
Netflix Ads
Netflix adds HDR10+ support – great news for Samsung TV owners, but don't expect LG and Sony to do the same any time soon
Nvidia RTX 5080 against a yellow TechRadar background
RTX 5080 24GB version teased by MSI - is it time to admit that 16GB isn't enough for 4K?
Google Pixel 9a being held, from the back
The Google Pixel 9a’s mysterious delay may have just been explained
Nintendo Sound Clock: Alarmo
Nintendo Sound Clock: Alarmo gets new update with more customizable features ahead of the Switch 2 Direct
Code Skull
Interpol operation arrests 300 suspects linked to African cybercrime rings
FiiO FX17 IEMs
Our favorite budget audiophile brand unveils wired earbuds with 26(!) drivers, electrostatic units, USB-C ultra-Hi-Res Audio, and a not-so-budget price