The Windows malware on Ukraine CERT's radar

As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team is battling.
To start, the team earlier this month said miscreants had spammed out emails that impersonated government agencies and contained links to fake Windows antivirus updates.
If the victim downloaded and ran the fake antivirus update, they would see a screen that told them to install a Windows Update package.
Ukraine's CERT has previously warned of attempts to spread the credential-stealing Formbook, aka XLoader, Windows malware within the nation's state organizations as well as the distribution of the MicroBackdoor Windows software nasty.
The nation's CERT blamed the fake antivirus updates on UAC-0056, aka TA471 or SaintBear, a pro-Russian crew that has targeted Georgia and Ukraine in the past.
ESET this week warned that another data-deleting Windows malware strain is being used against Ukrainian organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/