Month: April 2022

Fake Windows Installers Used to Distribute Information Stealing Malware

In October 2021, Microsoft launched its latest operating system – Windows 11 – and cybercriminals were quick to take advantage, offering free Windows 11 upgrades as a lure to trick people into installing malware.

Windows 11 has not been a roaring success so far. According to data from the IT asset management solution provider Lansweeper, on April 4, 2022, only 1.44% of corporate and personal devices had Windows 11 installed, which is fewer than the number still running Windows XP, for which support ended in 2014.

One of the main issues with Windows 11 is the stringent hardware compatibility requirements. One of the requirements for a Windows 11 upgrade is for devices to support Trusted Platform Module (TPM) version 2.0, which means any devices over 4 years old will not be able to have Windows 11 installed unless the hardware is upgraded.

Microsoft offers a tool on its website that will check whether a device has the hardware to support an upgrade to Windows 11, but any user who has not visited the official Microsoft website is unlikely to be aware of the hardware restrictions, and it is those individuals who are being targeted and tricked into installing malware.

Malware is often distributed via peer-to-peer file-sharing networks and warez sites that offer pirated software, either packaged with the software installers or with the product activators and cracks that are used to generate valid licenses; however, the fake Windows installers are being pushed through search engine poisoning.

Search engine poisoning, also known as SEO poisoning, is the creation of malicious websites and the use of search engine optimization techniques to get the websites to appear high in the organic search engine listings for certain search terms, in this case search terms related to Windows 11 downloads.

When a user enters a search string into Google, the malicious website appears in the listings. A variety of domains are used in the campaigns that at first glance appear to be legitimate, windows11-ugrade11.com being one example. The landing pages on these websites include the Microsoft logo and menus and an attractive Get Windows 11 screen with a Download Now button.
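One way to hunt for such lookalike domains in DNS or proxy logs, shown as an added example that is not part of the original article. The brand tokens, the trusted-domain list, the log layout and every sample line except the windows11-ugrade11.com hostname are assumptions constructed for illustration.

```python
import re

# Assumption: brand terms a Windows 11 lure is likely to embed in its hostname.
BRAND_TOKENS = ("windows11", "win11", "microsoft")
# Assumption: registrable domains that legitimately serve Microsoft downloads.
TRUSTED_DOMAINS = {"microsoft.com", "windows.com", "windowsupdate.com"}


def registrable_domain(host):
    """Last two labels only; multi-label suffixes such as co.uk need the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def is_brand_lookalike(host):
    """True when a host embeds a brand token but is not under a trusted domain."""
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return False
    # Strip dots and hyphens so "windows-11" and "windows11" match alike.
    squashed = re.sub(r"[^a-z0-9]", "", host.lower())
    return any(tok in squashed for tok in BRAND_TOKENS)


def flag_queries(log_lines):
    """Return (client, host) pairs for lookalike hosts in 'timestamp client host' lines."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) == 3 and is_brand_lookalike(parts[2]):
            hits.append((parts[1], parts[2]))
    return hits


# Constructed sample DNS query log; only windows11-ugrade11.com comes from the article.
SAMPLE_LOG = [
    "2022-04-20T09:14:02Z 10.0.4.17 www.microsoft.com",
    "2022-04-20T09:14:40Z 10.0.4.17 windows11-ugrade11.com",
    "2022-04-20T09:15:11Z 10.0.4.22 download.windowsupdate.com",
    "2022-04-20T09:16:03Z 10.0.4.31 get-win11.example.net",
    "2022-04-20T09:16:45Z 10.0.4.31 news.example.org",
]


if __name__ == "__main__":
    for client, host in flag_queries(SAMPLE_LOG):
        print(f"{client} queried suspected lookalike {host}")
```

Because the trust decision is made on the registrable domain, a host that merely starts with a trusted name, such as microsoft.com.downloads.example.net, is still flagged.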

One campaign has been identified that delivers a novel malware variant dubbed Inno Stealer, which is installed by an executable file in the downloaded ISO file. Inno Stealer can steal web browser cookies, passwords stored in browsers, data from the filesystem, and data in cryptocurrency wallets. Other malware variants are also being distributed using similar tactics. Fake Windows installers have also been distributed via phishing emails. One campaign delivers Qbot malware via a password-protected ZIP file that contains a malicious MSI installer.

Spam filtering solutions can be used to block malware delivery via phishing emails; however, to block malware downloads from web browsing, a web filter is required. WebTitan is a DNS-based web filter that incorporates advanced DNS filtering controls to block access to malicious websites and prevent malware downloads.

WebTitan is fed threat intelligence from a network of 650 million worldwide users. Newly identified threats are immediately propagated to database deployments worldwide to provide coverage and protection against emerging, zero-hour threats. The solution can also be configured to block attempts by users to download file types often associated with malware, such as ISO and MSI files. WebTitan can handle any volume of usage with no latency, so users will be unaware that content is being filtered until they encounter a threat and are informed by WebTitan that the threat has been blocked.
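File-type blocking is only reliable when it inspects content rather than the file extension. The following added example (not WebTitan's implementation and not code from the original article) identifies ISO images, the OLE container used by MSI installers, and password-protected ZIP archives from their header bytes. The block/allow policy, the extension list and the sample byte strings are assumptions constructed for illustration.

```python
import os
import struct

OLE_CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # compound-file header; MSI uses this container
ISO9660_ID_OFFSET = 0x8001   # "CD001" follows the type byte of the descriptor at sector 16
ZIP_LOCAL_HEADER = b"PK\x03\x04"
# Assumption: legacy Office extensions that legitimately share the OLE container.
LEGACY_OFFICE_EXT = {".doc", ".xls", ".ppt", ".msg"}


def sniff(data: bytes) -> str:
    """Identify the container from its leading bytes, ignoring the filename."""
    if data[:8] == OLE_CFB_MAGIC:
        return "ole-compound"
    if data[ISO9660_ID_OFFSET:ISO9660_ID_OFFSET + 5] == b"CD001":
        return "iso"
    if data[:4] == ZIP_LOCAL_HEADER and len(data) >= 8:
        (flags,) = struct.unpack_from("<H", data, 6)
        # Bit 0 of the general-purpose flags marks the first entry as encrypted.
        return "zip-encrypted" if flags & 0x0001 else "zip"
    return "other"


def verdict(filename: str, data: bytes) -> str:
    """Hypothetical download policy: returns 'block' or 'allow'."""
    kind = sniff(data)
    ext = os.path.splitext(filename.lower())[1]
    if kind in ("iso", "zip-encrypted"):
        return "block"
    if kind == "ole-compound" and ext not in LEGACY_OFFICE_EXT:
        return "block"  # MSI installers, including ones renamed to hide the type
    return "allow"


def constructed_samples():
    """Minimal constructed byte strings carrying only the headers that sniff() reads."""
    return {
        "Windows11Setup.iso": bytes(0x8000) + b"\x01CD001\x01" + bytes(16),
        "update.msi": OLE_CFB_MAGIC + bytes(24),
        "readme.txt": OLE_CFB_MAGIC + bytes(24),  # installer content behind a benign name
        "invoice.zip": ZIP_LOCAL_HEADER + struct.pack("<HH", 20, 0x0001) + bytes(22),
        "photos.zip": ZIP_LOCAL_HEADER + struct.pack("<HH", 20, 0x0000) + bytes(22),
        "report.doc": OLE_CFB_MAGIC + bytes(24),
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:20} {sniff(blob):14} {verdict(name, blob)}")
```

A filter that cannot open an encrypted archive has no way to inspect the MSI inside it, which is why this policy treats the encryption flag itself as the signal.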

If you want to improve your defenses against malware and phishing attacks via the Internet, contact TitanHQ today to find out more about WebTitan. Product demonstrations can be arranged on request and the full product is available on a free trial (with full support) to allow you to see for yourself how effective it is at blocking threats and how easy it is to install, set up, and use.

Five Expert Insights Best-Of Awards for TitanHQ Solutions

Expert Insights has announced its Spring 2022 Best-Of awards and TitanHQ has been given awards in 5 categories, including best-in-class awards for SpamTitan Email Security, WebTitan DNS Filter, ArcTitan Email Archiving, and SafeTitan Security Awareness training.

Expert Insights is an online publication that receives more than 80,000 visitors a month. Business owners and Information Technology professionals rely on the website, which provides insights into the best business software solutions, along with blog posts, buyers’ guides, technical product reviews and analyses, interviews with industry experts, and reviews of software solutions by users of those solutions, who give accurate advice on their experiences and how the products perform in practice.

The Best-Of Awards recognize vendors and products that excel in their respective categories and help businesses achieve their goals. “Each of the services recognized in our awards are providing in many cases an essential service to their users, driving business growth, securing users in a challenging cybersecurity marketplace, and massively improving business efficiency,” said Joel Witts, Expert Insights’ Content Director.

Each category includes a maximum of 11 products that have been analyzed by Expert Insights’ editorial and technical teams in the UK and US and have achieved excellent ratings from genuine users of the solutions. “These awards recognize the continued excellence of the providers in these categories,” said Witts.

At the Expert Insights Spring 2022 awards, TitanHQ was ranked the number 1 solution in the Best Email Security Gateway category for SpamTitan Email Security, ArcTitan Email Archiving was ranked number 1 in the Email Archiving for Business category, WebTitan DNS Filter ranked second in the Web Security category, and SafeTitan Security Awareness Training was ranked in the top 10 in two categories, Security Awareness Training and Phishing Simulation.

“The recent pandemic and the growth of remote working initiatives have further highlighted the need for multiple layers of cybersecurity and our award-winning solutions form key pillars in this security strategy,” said TitanHQ CEO Ronan Kavanagh. “We will continue to innovate and provide solutions that MSPs can use to deliver a consistent, secure and reliable experience to their customers.”