New malspam email campaign discovered with fake windows updater and its Builder, through which hackers launching Cyborg Ransomware to encrypt the compromised systems files.
A spam email claims to be from Microsoft and email body urges the victims to Install the Latest “Microsoft Windows Update” by opening the attached file. Fake update attachment appears with a random name although having a “.jpg” file extension, but is actually an executable file with the file size of 28KB. Once the victims execute the file, a .NET downloader that will drop another malware on compromised victims’ computers.
Researchers found #Strings section that gives major clues to the executable’s behaviors. One of the notable things is that the hoax Microsoft update will download another executable file from GitHub.