Microsoft is a name you should be able to trust. But, online, nothing is ever quite as it seems. And that’s why you need to be careful what you click.
DirectX is a crucial component when it comes to processing multimedia materials on Windows PCs. It has been in use for over 25 years now and is an established element of the Windows experience. But it’s this familiarity, and reliance on the software, which makes it the perfect target for hackers. Accordingly, security researchers have discovered a fake web page which claims to carry a genuine version of the software. Unfortunately, the only thing that this download contains is untold trouble and chaos for IT systems.
It’s always important to be aware of the latest threats, so we’re going to take you through the processes involved in this new attack.
Fake Website Spells Danger
The fake website in question has been set up by hackers to look like a genuine site offering a download of DirectX 12 for Windows. The hackers have been careful to disguise the website as genuine by putting some effort into its design. Most malicious websites are basic with the main emphasis being on a download button. While this latest website does rely on a download button, the designers have also included additional pages including: a contact form, copyright infringement details, a privacy policy and a legal disclaimer. This ‘extra effort’ is used in order to create a false sense of security.
Victims of this download scam are likely to find themselves at this website through a number of means: they may have received fake emails urging them to download a new version or they may have found the website through a search engine. Either way, the results of infection are the same. Clicking on the download page will forward users to a remote website where they are prompted to download the software. Two options are put forwards to the user: a 32-bit or a 64-bit version. Both files will then download further malware capable of the following:
- Stealing confidential data such as login credentials by recording keystrokes
- Unauthorized transmission of user files
- Accessing a wide range of cryptocurrency wallets to steal funds
How to Avoid the Dangers of Malicious Websites
The threat of malicious websites is nothing new, but their continued presence online indicates that PC users need continual refreshers on them. Therefore, make sure that your staff practice the following:
- Only ever download software from the manufacturer’s official website e.g. DirectX software should only be downloaded from Microsoft. And always double check that the website address is genuine. If in doubt, get an IT professional to verify it.
- Understand the dangers of phishing emails and the best ways to identify what is genuine and what is fake.
- Install anti-virus software on your PCs that evaluates websites and blocks those that are suspected of being malicious. This is a common feature of almost all anti-virus software and offers you a valuable moment of thought before proceeding.
For more ways to secure and optimize your business technology, contact your local IT professionals.