Malware Infects Devices Through Windows Update

Hackers are getting better and better at distributing powerful malware. Our antiviruses need regular updating, as well as our own vigilance. Sometimes it’s enough to put your mind to work enough, without having to rely too much on specific software.

One characteristic of malware is that it often comes in the same package as some other software. Furthermore, the bundle will often get installed without the user’s approval or knowledge. However, we might all need to be aware of a specific malware right now that should remain on the front row of cyber threat news for some time.

North Korean group ‘Lazarus’ uses the Windows Update client to send dangerous code

According to Tom’s Hardware, the North Korean group Lazarus is leveraging the Windows Update client and Github for an evil scheme. The group distributes malware in a way that avoids security mechanisms. The Windows Update client is used to deploy the malicious code. As for GitHub, it is used as a command and control server.

Lazarus tries to steal intelligence data from high-end government entities. The documents Lockheed_Martin_JobOpportunities.docx, and Salary_Lockheed_Martin_job_opportunities_confidential.doc appear to attract people into new job opportunities at Lockheed Martin.

The Malwarebytes’ blog explains about the documents:

The compilation time for both of these documents is 2020-04-24, but we have enough indicators that confirm that they have been used in a campaign around late December 2021 and early 2022. Some of the indicators that shows this attack operated recently are the domains used by the threat actor.

Malware, in general, not only threatens the security of our devices. This malicious software is also difficult to remove. Malware capable of surviving the restart of the infected device is quite common. But there is also malware out there capable of surviving the reinstallation of the entire operating system.