
FakeUpdates Malware Campaign

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

A new malware campaign has been observed using legitimate but compromised websites and fraudulent updates to infect users. This campaign is affecting multiple content management systems including WordPress, Joomla and Squarespace.

Affected platforms

The following platforms are known to be affected:

Threat details

The creators of the campaign use social engineering to persuade unsuspecting users to download updates when visiting trusted sites. The updates are actually disguised scripts which are downloaded from a number of Dropbox file hosting accounts. The script then initiates the payload installation, with the NetSupport remote access trojan and the Chthonic financial trojan observed as payloads.
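
The delivery chain described above (a visit to a trusted site followed by a script download from a file hosting account) can be hunted for in web proxy logs. The following is an added example, not part of the original alert: the log format, the watched hostnames, the script extensions and all sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the alert): hostnames to watch and the script
# extensions a fake "update" might use. Tune both to your environment.
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")

# Constructed log format: timestamp client method url status "referer"
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<referer>[^"]*)"$'
)

def _host_matches(host, suffixes):
    # Match the domain itself or a true subdomain, never a look-alike suffix.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def flag_script_downloads(lines):
    """Return (ts, client, url, referer_host) for script downloads from a
    watched file host that were referred by a different site."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        url = urlsplit(m["url"])
        if not _host_matches(url.hostname or "", FILE_HOSTS):
            continue
        if not url.path.lower().endswith(SCRIPT_EXTS):
            continue
        ref_host = urlsplit(m["referer"]).hostname or ""
        # Skip requests with no referer or one on the file host (normal use).
        if not ref_host or _host_matches(ref_host, FILE_HOSTS):
            continue
        hits.append((m["ts"], m["client"], m["url"], ref_host))
    return hits

# Constructed sample log lines; example.* hosts and all paths are placeholders.
SAMPLE_LOG = [
    '2020-01-01T10:00:00Z 10.0.0.5 GET https://blog.example.org/news 200 "-"',
    '2020-01-01T10:00:07Z 10.0.0.5 GET https://dl.dropboxusercontent.com/s/abc/Update.js?dl=1 200 "https://blog.example.org/news"',
    '2020-01-01T10:02:00Z 10.0.0.8 GET https://www.dropbox.com/s/xyz/report.pdf 200 "https://intranet.example.net/"',
    '2020-01-01T10:03:00Z 10.0.0.9 GET https://www.dropbox.com/s/qrs/tool.js 200 "https://www.dropbox.com/home"',
    '2020-01-01T10:04:00Z 10.0.0.7 GET https://notdropbox.com.example.com/x.js 200 "https://blog.example.org/"',
]
```

A hit identifies both the client that fetched the script and the referring site, which is the site to check for compromise.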


Remediation steps

Users should be conscious of the sites they visit and files they download. Downloads should not be initiated if they are not expected or if the site they are downloaded from appears suspicious. If possible, users should not be allowed to download files from untrusted locations.

Last edited: 17 February 2020 12:42 pm