Security firm Malwarebytes Labs issued a warning about "FakeUpdates". Apparently, a growing number of cybercriminals are trying to trick web users into installing malware by disguising it as an update for a commonly used piece of software.
The first signs of a broad malware campaign that relies on social engineering users with fake but convincing update notifications were spotted in December 2017, but more recently it's been picking up steam. Full details over here.
Today, we are looking at what we call the ‘FakeUpdates campaign’ and describing its intricate filtering and evasion techniques. One of the earliest examples we could find was reported by BroadAnalysis on December 20, 2017. The update file is not an executable but rather a script which is downloaded from DropBox, a legitimate file hosting service, as can be seen in the animation below.