Downloading an innocent-looking update for Microsoft Office at work can bring a world of hurt to you and your place of business. As malware download attacks continue to grow, Cobalt Gang is in the news again for its highly successful malware downloader called CobInt. It’s no coincidence that the name closely mirrors Cobalt, as the hackers want the credit given to Cobalt Gang. Many of CobInt’s victims are easily lured by fake Microsoft updates that are loaded with malware.

The group originally made the news in 2013, after a successful string of attacks on over 100 financial institutions in 40 countries. Despite efforts by international forces that led to the arrest of Cobalt’s mastermind earlier this year, the group is at it again with the new and improved CobInt downloader.

Fake update downloads are on the rise, and Microsoft updates aren’t the only lure hackers use. Google Chrome, Adobe Flash, and Firefox users have also been duped into installing bogus updates. Malicious downloads have more than one goal in mind. In this case, when CobInt gains access to a system through a fake update, all bets are off, since the initial malware download is just the beginning. Once the first stage is downloaded, the malware spends time “looking around” the system while the hackers decide whether it’s worth continuing with additional attack stages. This dwell time allows hackers to observe the inner workings of a system and its weaknesses, finding even more ways to do damage. Based on what the original malware download exposes, additional malware can be sent to infiltrate systems and find different attack vectors. It’s an effective way for leading malware downloaders like CobInt to maximize damage in a much more invasive and successful attack.

Since malware downloads are on the rise, users need a way not only to detect them but also to avoid becoming a victim. Always start with a healthy dose of suspicion before allowing downloads. Assume that emails or pop-up messages notifying you of an update for anything are fake from the start. Never click on those big and tempting “Download” buttons before doing your homework. In fact, your best bet is not to open emails about updates and simply to delete them (you have the option of reporting them as spam to your email service provider before deleting).

Going directly to the website to see whether an update is available is a great way to find out if the download is legitimate. Never click on an email download link or call a phone number provided, as they are also fake. Always use the update services that apps and programs make available. You can choose settings that allow updates to install automatically, or settings that give you update details before allowing the download. If there’s any question about downloading an update, don’t do it. It’s always worth doing a little homework to find out if that update is the real deal.