
Fake antivirus updates used to deploy Cobalt Strike in Ukraine
2022-03-14 21:52

Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware.

The phishing emails are sent to Ukrainian state bodies and propose downloading "Critical security updates," which come in the form of a 60 MB file named "BitdefenderWindowsUpdatePackage.exe."

These emails contain a link to a French website that offers download buttons for the alleged AV software updates.

When a victim downloads and runs this fake Bitdefender Windows update [VirusTotal], a prompt appears asking the user to install a 'Windows Update Package.exe' file [VirusTotal] fetched from the Discord CDN; that file is a Cobalt Strike beacon.

Cobalt Strike is a widely abused penetration testing suite that offers offensive security capabilities, facilitates lateral network movement, and ensures persistence.


News URL

https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/