The Windows malware on Ukraine CERT's radar

As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team is battling.
To start, the team earlier this month said miscreants had spammed out emails that impersonated government agencies and contained links to fake Windows antivirus updates.
If the victim downloaded and ran the fake antivirus update, they would see a screen that told them to install a Windows Update package.
Ukraine's CERT has previously warned of attempts to spread the credential-stealing Formbook, aka XLoader, Windows malware within the nation's state organizations, as well as the distribution of the MicroBackdoor Windows software nasty.
The nation's CERT blamed the fake antivirus updates on UAC-0056, aka TA471 or SaintBear, a pro-Russian crew that has targeted Georgia and Ukraine in the past.
ESET this week warned another data-deleting Windows malware strain is being used against Ukrainian organizations.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/03/16/ukraine_cobalt_caddywipe/