CCI | Computer Support

Beware: FakeUpdates Malware Bundling with BOINC Software

What’s Happening?

A new twist on an old malware family, known as SocGholish or FakeUpdates, is making the rounds. This time, it hides behind a legitimate program called BOINC. Here’s what you need to know to protect yourself.

What is BOINC?

BOINC stands for Berkeley Open Infrastructure Network Computing Client. It’s a volunteer computing platform where people donate their computer’s power to help scientific research. It’s like letting your computer work on big science problems while you’re not using it.

What’s the Threat?

Cybercriminals are using BOINC to disguise their attacks. Here’s how it works:

  1. Compromised Websites: You might visit a website that looks normal but is actually infected.

  2. Fake Browser Updates: The site prompts you to download what looks like a browser update.

  3. Malicious Script: The downloaded file, Update.js, runs a script that downloads more malicious files.

  4. BOINC Installation: These files include the BOINC software, which the malware uses to hide.

How It Works

  1. Initial Download: When you visit an infected website, you’re tricked into downloading a file.

  2. Execution: This file runs and uses PowerShell commands to download more scripts.

  3. BOINC Abuse: The malware then installs the BOINC software, disguising it with names like trustedinstaller.exe to avoid detection.

  4. Scheduled Tasks: It sets up tasks to run BOINC regularly, making it harder to spot.

Why It’s Dangerous

  • Hidden Activity: The malware uses legitimate software (BOINC) to hide its activities.

  • Persistent: It creates tasks that keep running, even if you restart your computer.

  • Potential for More Harm: The attackers could use this access to install more harmful software later.

What Can You Do?

  1. Be Cautious Online: Avoid downloading updates or software from unknown websites.

  2. Update Software Safely: Always download updates directly from the official website or through your software’s built-in update system.

  3. Use Antivirus Software: Keep your antivirus software updated to catch potential threats.

  4. Regular Checks: Periodically check for unusual programs or tasks running on your computer.
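
One way to do the "Regular Checks" step for the scheduled-task persistence described above. This is an added example, not code from the original article or from the Huntress or Arctic Wolf reports. It assumes an English-locale export from `schtasks /query /fo csv /v` (columns "TaskName" and "Task To Run") and Windows installed in C:\Windows, and it goes slightly beyond the article by also checking svchost.exe. The sample rows are constructed.

```python
import csv
import io
import ntpath
import re

# Well-known Windows binaries and the only directories they legitimately run from.
EXPECTED_DIRS = {
    "trustedinstaller.exe": {r"c:\windows\servicing"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}
# Executable path at the start of a task action, quoted or not.
EXE_RE = re.compile(r'^\s*"?(.+?\.exe)"?(?:\s|$)', re.IGNORECASE)
# Assumption: %SystemRoot% / %windir% both mean C:\Windows.
ENV_RE = re.compile(r"%(systemroot|windir)%", re.IGNORECASE)


def find_masquerading_tasks(csv_text):
    """Return (task name, executable path) for tasks whose program borrows a
    system binary's name but sits outside that binary's real directory."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = EXE_RE.match(row.get("Task To Run") or "")
        if not match:
            continue  # COM handler, repeated header row, or non-.exe action
        expanded = ENV_RE.sub(lambda m: r"C:\Windows", match.group(1))
        path = ntpath.normcase(expanded)  # lower-case, backslashes only
        expected = EXPECTED_DIRS.get(ntpath.basename(path))
        if expected and ntpath.dirname(path) not in expected:
            hits.append((row["TaskName"], match.group(1)))
    return hits


# Constructed sample rows, trimmed to the columns the check uses.
SAMPLE = r'''"HostName","TaskName","Task To Run"
"PC1","\Constructed\LegitServicing","%windir%\servicing\TrustedInstaller.exe"
"PC1","\Constructed\SystemHelper","""C:\Users\pat\AppData\Roaming\helper\trustedinstaller.exe"" --detach"
"PC1","\Constructed\Backup","C:\Program Files\Backup\backup.exe /nightly"
'''

if __name__ == "__main__":
    for task, exe in find_masquerading_tasks(SAMPLE):
        print(f"SUSPICIOUS task {task}: {exe}")
```

A hit means the task deserves a closer look, not that the machine is infected; a clean result does not rule out other persistence methods.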

Conclusion

Stay vigilant and cautious online. If something feels off, it’s better to double-check than to fall victim to these sophisticated malware attacks. Stay safe!

Resources

For more detailed technical insights, cybersecurity enthusiasts and professionals can refer to the original reports from Huntress and Arctic Wolf.

Stay informed, stay safe!