The Windows malware on Ukraine CERT's radar
As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team is battling.
To start, the team earlier this month said miscreants had spammed out emails that impersonated government agencies and contained links to fake Windows antivirus updates.
If the victim downloaded and ran the fake antivirus update, they would see a screen that told them to install a Windows Update package.
Ukraine's CERT has previously warned of attempts to spread the credential-stealing Formbook, aka XLoader, Windows malware within the nation's state organizations as well as the distribution of the MicroBackdoor Windows software nasty.
The nation's CERT blamed the fake antivirus updates on UAC-0056, aka TA471 or SaintBear, a pro-Russian crew that has targeted Georgia and Ukraine in the past.
ESET this week warned that another data-deleting Windows malware strain is being used against Ukrainian organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/