Fake Windows Updater Bypasses Email Gateways to Launch Cyborg Ransomware on Windows PCs

From gbhackers.com

Cyborg Ransomware

A new malspam email campaign has been discovered that uses a fake Windows updater and its builder, through which attackers launch Cyborg ransomware to encrypt files on compromised systems.

The spam email claims to be from Microsoft, and its body urges victims to install the latest “Microsoft Windows Update” by opening the attached file. The fake update attachment has a random name and a “.jpg” file extension, but it is actually an executable file of 28KB. The file is a .NET downloader: once the victim executes it, it drops another piece of malware on the compromised computer.
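A gateway-side check for the mismatch described above, an attachment named like an image whose content is a PE executable, and whether that PE is a .NET assembly. This is an added example, not code from the article or the researchers; the function names, the sample file name and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")

def pe_info(data):
    """Return None if data is not a PE file, else {'dotnet': bool}."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    opt = e_lfanew + 24                  # optional header follows 4-byte sig + 20-byte COFF header
    if len(data) < opt + 240:            # truncated optional header: PE, but cannot inspect further
        return {"dotnet": False}
    (magic,) = struct.unpack_from("<H", data, opt)
    dirs = opt + (96 if magic == 0x10B else 112)         # data directories: PE32 vs PE32+
    (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
    rva, size = struct.unpack_from("<II", data, dirs + 14 * 8)  # entry 14 = CLR runtime header
    return {"dotnet": count > 14 and rva != 0 and size != 0}

def scan_message(raw):
    """List (filename, size, is_dotnet) for image-named attachments that are really PE files."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        payload = part.get_payload(decode=True) or b""
        info = pe_info(payload) if name else None
        if info and name.lower().endswith(IMAGE_EXTS):
            findings.append((name, len(payload), info["dotnet"]))
    return findings

def build_sample_pe(dotnet=True):        # constructed header-only stub, not real malware
    buf = bytearray(b"MZ" + bytes(0x1FE))
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, 0x10B)               # PE32 magic
    struct.pack_into("<I", buf, opt + 92, 16)             # NumberOfRvaAndSizes
    if dotnet:
        struct.pack_into("<II", buf, opt + 96 + 14 * 8, 0x2008, 0x48)
    return bytes(buf)

def build_sample_message():              # constructed e-mail with an image-named PE attachment
    m = EmailMessage()
    m.set_content("constructed body")
    m.add_attachment(build_sample_pe(), maintype="image", subtype="jpeg", filename="sample_update.jpg")
    return m.as_bytes()
```

The check keys on file content rather than the declared MIME type or extension, both of which the sender controls.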

Researchers found that the #Strings section gives major clues to the executable’s behavior. Notably, the hoax Microsoft update downloads another executable file from GitHub.

