The Windows malware on Ukraine CERT's radar
As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team is battling.
To start, the team earlier this month said miscreants had spammed out emails that impersonated government agencies and contained links to fake Windows antivirus updates.
If the victim downloaded and ran the fake antivirus update, they would see a screen that told them to install a Windows Update package.
Ukraine's CERT has previously warned of attempts to spread the credential-stealing Windows malware Formbook, aka XLoader, within the nation's state organizations, as well as of the distribution of the MicroBackdoor Windows software nasty.
The nation's CERT blamed the fake antivirus updates on UAC-0056, aka TA471 or SaintBear, a pro-Russian crew that has targeted Georgia and Ukraine in the past.
ESET this week warned that another data-deleting Windows malware strain is being used against Ukrainian organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/