Microsoft warns users to be wary of fake Java updates
Cybercriminals set malware trap for users worried by Java zero-day exploits.


Microsoft is warning users to be on the lookout for fake Java updates that will download malware onto their computers.
The cybercriminals behind the malware seem to be tapping into the current awareness of problems with Java, after several exploits were found in web browser versions of the plug-in.
"Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software," said Microsoft employee Eve Blakemore in a post on the company's blog.
"In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately.
"We agree that if you use Java on your device you should update it directly from the Oracle website," Blakemore added.
The problem was first reported by anti-virus giant Trend Micro, which said it had been alerted to a piece of malware posing as Java Update 11.
Paul Pajares, fraud analyst at Java, said in a blog post: "The fake update in question is javaupdate11.jar (detected as JAVA_DLOADER.NTW), which contains javaupdate11.class that downloads and executes malicious files up1.exe and up2.exe.
"Once executed, this backdoor connects to a remote server that enables a possible attacker to take control of the infected system."
Trend Micro also observed JAVA_DLOADER try, unsuccessfully, to download a ransomware Trojan to the user's computer.
Pajares claims that while the malware installed via the fake update does not exploit any Java-related vulnerability, it is "clearly piggybacking on the Java zero-day incident and users' fears."
Pajares said users might be better off ditching Java completely.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it?" he said.

Jane McCallion is Managing Editor of ITPro and ChannelPro, specializing in data centers, enterprise IT infrastructure, and cybersecurity. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.
Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.