Threat actors are using browser push notifications to convince users into installing fraudulent Windows Defender updates. A popup will appear in the tray to notify the user of the update. If clicked, the user will be directed to a fraudulent update website that prompts users to download and run a signed ms-appinstaller (MSIX) package purporting to be published by Microsoft. Once installed, it appears in the Start Menu but serves as a shortcut to an installed data-stealing Trojan that targets various applications and information.
Updates for any Microsoft product should only be installed through Microsoft Windows Updates built into Windows. Typically, Windows will install updates automatically notifying the user after the update is complete. powersolution.com advises users to navigate directly to official websites by manually typing the URL into the browser instead of clicking on links from unverified sources. Lastly, ensure that you are running Anti-virus that is set to auto-update its virus definitions. Threats like this should be spotted by most modern, up-to-date antivirus products.
How is your state of IT? Call Us: (201) 493-1414 with any questions.
