
Be careful when updating Windows: this is how they can attack you

Keeping the system updated is essential to avoid security problems. However, it is just as essential to install those updates correctly. In many cases we can run into problems if, for example, we download the files from third-party sites. In this article we report on the latest attack hackers are using to sneak in malware via Windows Update.

Fake Windows Update files

The attackers are the group of cybercriminals known as Lazarus. They have added the Windows Update client to the list of binaries they use to execute malicious code on Windows systems. The technique was discovered by a group of security researchers from Malwarebytes.

As is often the case with this type of attack, the victim has to download a file. The attackers launch a phishing attack in which, for example, they pretend to be a legitimate company. When the victim opens the file, what they actually do is execute malicious macros, which drop a file named WindowsUpdateConf.lnk and a DLL (wuaueng.dll) on the Windows system.

The first file then starts the Windows Update client, which executes the malicious payload in the DLL file. In short, the attackers use Windows Update to run the malicious file and bypass any security measures that may be in place. It is undoubtedly a major problem, and one that leaves users unprotected.

Keep in mind that this technique is not new. Similar attacks that take advantage of the Windows Update client to execute malicious code on the Microsoft system have appeared on other occasions. In this case, the malicious code is executed through a DLL file.
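From the defender's side, the chain described above (a macro host writes WindowsUpdateConf.lnk and wuaueng.dll, then the Windows Update client loads that DLL) can be looked for in endpoint telemetry. The following is an added example, not code from the article or from the researchers; the event layout, the Office and wuauclt.exe process names, the System32 location of the genuine DLL and all sample paths are assumptions.

```python
import ntpath

# File names are from the article; paths, process names and event layout are assumed.
LNK_NAME = "windowsupdateconf.lnk"
DLL_NAME = "wuaueng.dll"
SYSTEM32 = r"c:\windows\system32"           # assumed home of the genuine DLL
MACRO_HOSTS = {"winword.exe", "excel.exe"}  # assumed macro-capable writers
UPDATE_CLIENT = "wuauclt.exe"               # assumed Windows Update client binary

def split(path):  # (directory, file name) of a Windows path, lower-cased
    return ntpath.dirname(path).lower(), ntpath.basename(path).lower()

def classify(event):
    """Return the findings raised by one file-create or image-load event."""
    findings = []
    _, actor = split(event["image"])
    folder, name = split(event["target"])
    if event["kind"] == "file_create":
        if name == LNK_NAME:
            findings.append("lnk_dropped")
        if name == DLL_NAME and folder != SYSTEM32:
            findings.append("dll_outside_system32")
        if findings and actor in MACRO_HOSTS:
            findings.append("written_by_office")
    elif event["kind"] == "image_load" and actor == UPDATE_CLIENT:
        if name == DLL_NAME and folder != SYSTEM32:
            findings.append("update_client_loaded_foreign_dll")
    return findings

def triage(events):
    """Group findings per host; a host with both a drop and a load is 'high'."""
    per_host = {}
    for ev in events:
        per_host.setdefault(ev["host"], set()).update(classify(ev))
    report = {}
    for host, found in per_host.items():
        dropped = found & {"lnk_dropped", "dll_outside_system32"}
        loaded = "update_client_loaded_foreign_dll" in found
        if found:
            report[host] = ("high" if dropped and loaded else "review", sorted(found))
    return report

# Constructed sample events (not real telemetry): host, kind, image, target.
SAMPLE = [dict(zip(("host", "kind", "image", "target"), row)) for row in [
    ("pc1", "file_create", r"C:\Office\WINWORD.EXE", r"D:\demo\WindowsUpdateConf.lnk"),
    ("pc1", "file_create", r"C:\Office\WINWORD.EXE", r"D:\demo\wuaueng.dll"),
    ("pc1", "image_load", r"C:\Windows\System32\wuauclt.exe", r"D:\demo\wuaueng.dll"),
    ("pc2", "image_load", r"C:\Windows\System32\wuauclt.exe", r"C:\Windows\System32\wuaueng.dll"),
]]
```

Calling `triage(SAMPLE)` rates pc1 as high and leaves pc2, where the update client loads the DLL from System32, out of the report.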

The Lazarus group is quite well known. In fact, its operations coordinated the global WannaCry ransomware campaign that had such an impact in 2017. In addition, it has taken part in many other cyber threats. However, whichever group is behind these attacks, it is essential to be protected and not make mistakes.

How to avoid this problem

What can we do to prevent this type of attack? Undoubtedly the most important thing is common sense. We have seen that this attack, which uses Windows Update, is based on phishing: on tricking the victim into downloading a file.

Therefore, the main thing is to download applications and files only from official sites, from safe sites that do not pose a threat. For example, it is a mistake to download attachments that we receive by email without really knowing who may be behind them. The same applies to files that arrive through social networks or any web page.

It is also essential to keep systems updated. This allows us to correct many vulnerabilities that may appear and become a real problem for our security. We should have the latest available patches installed at all times for any program we use.

In addition, it is advisable to have a good antivirus. It can detect malware as it arrives and notify us if we have downloaded a threat by mistake. Windows Defender itself is a good solution for Microsoft systems and for keeping intruders off the computer.
