Posted on March 1, 2020 at 6:05 PM
Security researchers have warned Windows 10 users that a new set of hackers are now targeting newly updated computers. As Windows 10 users keep adding new functionality and features, hackers are continuously seeking new ways to exploit these users and launch an attack on their system.
Even when users have constantly updated their operating systems, new research has discovered that some hackers may still find ways to exploit these updated systems. The recent TrickBot malware attack is a perfect example of the continuous threat to systems even when they are fully updated.
In this case, the TrickBot malware campaign was used to infiltrate the updated systems of some Windows 10 users. Sadly, some security researchers have pointed out that the sanitization of the Microsoft macro threat may not be possible anytime soon, going by the current situation of cybersecurity.
The malicious “macro virus” has been in existence for more than 2 decades. The malicious threat, which often attacks Word documents, became very famous years later.
It got to the extent that Microsoft decided to take a proactive approach by disabling macros by default in 2000.
However, the proactive measure did not completely quell the attack or stop the threat, as Google revealed that such malicious documents were seen in about 58 percent of the malware that affects Gmail users.
TrickBot Trojan used to target Windows 10 systems
Researchers are now warning Windows users of a new malware campaign that targets the desktop ActiveX control function in Word documents. The banking Trojan referred to as TrickBot is now used to target Windows 10 users for Bitcoin stealing and credential harvesting.
Earlier this year, security researchers revealed that the TrickBot malware enterprise was gaining access to the Windows system through the backdoor, which makes it difficult to detect. The researchers also said that the TrickBot malware had already infiltrated about 250 million emails before it was discovered.
The malware has evolved over the past few months to evade detection, and it has continued to evolve since then.
According to the security researchers at Morphisec Lab, TrickBot has updated its delivery and attack method, with Windows 10 users squarely in the crosshairs.
The researchers also pointed out that the actors of the TrickBot attack are taking advantage of the threat window that opens operating systems like Windows 10. A researcher at Morphisec, Michael Gorelik, said that the actors are using the ActiveX control protocol to execute malicious attacks on Windows 10 and are evading detection by the Windows 10 security shield.
According to him, “The attackers utilize the ActiveX control for automatic execution of the malicious macro following an enable of the document content.”
Malware has stayed under the radar for long
The attackers have made sure the malicious software stays under the radar as it exploits Microsoft Word documents in Windows 10. The affected document in the malware attack contains an image that seems to show an encrypted document, which keeps the ActiveX control under the radar. Once the user is deceived into enabling the content, it automatically launches the attack on the user’s Word documents.
The researchers also said the attackers concealed the “OSTAP” downloader and kept it invisible to the human eye, making it more difficult for the user to detect any malicious activity. The worst part is the fact that computers will see this malicious downloader element but interpret it as genuine.
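For defenders triaging inbound attachments, the combination described above (macro code, an embedded ActiveX control and content hidden from the reader) can be checked statically in OOXML Word files. The following is an added example, not code from the article or from Morphisec. The part names follow the standard OOXML package layout, and the white-font and `w:vanish` checks are assumed hiding heuristics, since the article does not say how the downloader was concealed. Both sample documents are constructed in memory.

```python
import io
import re
import zipfile

# Part names from the standard OOXML package layout.
VBA_PART = re.compile(r"(^|/)vbaProject\.bin$", re.I)
ACTIVEX_PART = re.compile(r"(^|/)activeX/[^/]+\.(xml|bin)$", re.I)
# Assumed heuristics for text hidden from the reader: white font or w:vanish.
HIDDEN_RUN = re.compile(rb'<w:color\s[^>]*w:val="(?:FFFFFF|ffffff)"|<w:vanish\s*/>')

def triage(data: bytes) -> dict:
    """Static findings for one Word file supplied as raw bytes."""
    out = {"ooxml": True, "vba_project": False, "activex_parts": [],
           "hidden_runs": 0, "suspicious": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        out["ooxml"] = False  # legacy .doc (OLE2) needs a different parser
        return out
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if VBA_PART.search(name):
                out["vba_project"] = True
            elif ACTIVEX_PART.search(name):
                out["activex_parts"].append(name)
            elif name.lower() == "word/document.xml":
                out["hidden_runs"] = len(HIDDEN_RUN.findall(pkg.read(name)))
    # Macro code together with an ActiveX control is the pairing to escalate.
    out["suspicious"] = out["vba_project"] and bool(out["activex_parts"])
    return out

def build_sample(parts: dict) -> bytes:
    """Build a constructed in-memory package for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

# Constructed samples: placeholders only, no real macro or control data.
CLEAN = build_sample({"word/document.xml": b"<w:r><w:t>Hello</w:t></w:r>"})
FLAGGED = build_sample({
    "word/document.xml":
        b'<w:r><w:rPr><w:color w:val="FFFFFF"/></w:rPr><w:t>x</w:t></w:r>',
    "word/vbaProject.bin": b"placeholder",
    "word/activeX/activeX1.xml": b"<ax:ocx/>",
    "word/activeX/activeX1.bin": b"placeholder",
})

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(label, triage(blob))
```

A hit is a reason to quarantine the file and inspect it in a sandbox, not proof of infection, since legitimate documents can also carry macros and controls.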
This arrangement by the hackers is primarily intended to attack Windows 10 users who have done the most recent updates.
With this latest information, it seems regularly updating the system with the most recent software updates is no longer enough to keep hackers at bay as they are now trying new methods to infiltrate recently updated systems.
Researchers said users should be security cautious
In line with this development, researchers have warned users to be extremely careful with their activities online. Even if hackers succeed in infiltrating an updated system, they wouldn’t find anything substantial if users do not keep sensitive information on their system.
Users should be careful with the type of information they keep on their system and what they exchange online. The researchers also added that users should still ensure they carry out regular updates on their system, since such updates will drastically reduce the possibility of attacks.