Threat actors are using browser push notifications to convince users into installing fraudulent Windows Defender updates. A popup will appear in the tray to notify the user of the update. If clicked, the user will be directed to a fraudulent update website that prompts users to download and run a signed ms-appinstaller (MSIX) package purporting to be published by Microsoft. Once installed, it appears in the Start Menu but serves as a shortcut to an installed data-stealing Trojan that targets various applications and information.

Fraudulent Windows Defender Alert
Image Source: McAfee, Fake Defender Alert

 

 

Updates for any Microsoft product should only be installed through Microsoft Windows Updates built into Windows. Typically, Windows will install updates automatically notifying the user after the update is complete. powersolution.com advises users to navigate directly to official websites by manually typing the URL into the browser instead of clicking on links from unverified sources. Lastly, ensure that you are running Anti-virus that is set to auto-update its virus definitions. Threats like this should be spotted by most modern, up-to-date antivirus products.

How is your state of IT?

Call Us: (201) 493-1414
Our Awards:
IT Support NJ - Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution industry awards
IT support NJ - Reputable highly rated Small Business IT services and tech support company in New Jersey - powersolution IT industry awards
Scroll to Top