Updates are crucial for protecting your PC, so Windows Update is a useful ally in this objective. But what happens when it starts downloading malware?

News has emerged that hackers have exploited the Windows Update system to execute malicious code on users’ PCs. It’s an attack which is typical of hackers as it’s innovative, deceptive and dangerous. Currently, the perpetrators of the attack appear to be Lazarus, a hacking group who are backed by North Korea. Dozens of cyberattacks have been attributed to Lazarus – such as the ThreatNeedle hack – over the last decade, so it should come as no surprise that this latest attack is a serious threat.

At Ophtek, we’ve always advised you that updates are the best way to protect your PC. And this remains the case. However, this exploit of the Windows Update service provides a cautionary tale, so we’re going to take a closer look at it.

Why is Windows Update Downloading Malware?

Lazarus have chosen the Windows Update client as a facilitator in its attack as it’s a highly trusted piece of software. After all, the main consensus of updates is that they protect your PC, so why suspect Windows Update of anything else? However, it’s this type of assumption which leads to threats developing.

This latest attack employs a spear-phishing technique which uses infected Microsoft Word documents, these false email attachments claim to be offering job opportunities at the aerospace firm Lockheed Johnson. However, far from containing opportunities for the recipients, these infected documents only contain opportunities for Lazarus. Once the Word documents are opened, users are prompted to activate macros. And this allows Lazarus to automatically install a fake Windows Update link in the PCs startup folder as well as downloading a malicious .dll file.

This Windows Update link is then used to load the malicious .dll through the Windows Update client. The hackers use this approach as it’s innovative and won’t get picked up by anti-malware tools. Lazarus are then free to download as much malware as they like onto the infected PC.

How to Protect Your PCs Against this Threat

You may think that the simplest way to protect yourself is by turning off Windows Update, but we do not recommend this. The best approach involves ensuring that Windows Update can’t be exploited by Lazarus’ attack methods. And this requires you to understand the techniques involved in spear-phishing, so make sure you practice the following:

  • Awareness: the most important step you can take in tackling spear-phishing is by introducing awareness to your employees. Make sure that regular training is provided to educate your staff on what spear-phishing is and the ways in which it can manifest itself on a PC.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


The latest version of Microsoft’s operating system Windows has now been rolled out; and Windows 11 comes with plenty of changes for PC users.

Windows 10 was released in 2015 and, since then, there have been many changes in IT. While Windows 10 is still more than capable of dealing with modern IT, there always comes a point where an overhaul is needed. And this is why Windows 11 has been released. It’s available as a free upgrade to anyone currently running Windows 10 and contains both updated applications and functionality.

Upgrading to a new operating system has always represented a major shift in the way that PCs operate, so it’s important to understand what happens when you hit that ‘install’ button.

Why Are Upgrades Necessary?

Taking advantage of operating system upgrades allows you to harness numerous benefits. Firstly, an older operating system is always up against a ticking clock of being discontinued. Once support has been discontinued, an older operating system is more at risk of security threats. Secondly, new operating systems are better positioned to cope with the demands of modern IT. Therefore, installing an upgraded version ensures you have a better user experience.

What’s Changed with Windows 11?

As with all previous upgrades on Windows, there are a significant number of changes. Many of these are unlikely to be noticed by your average PC user, but others will be more obvious. The most important changes are:

  • Microsoft Teams: during the Covid-19 pandemic, Microsoft Teams became a valuable tool for employees to communicate through. But it had never been an in-built part of the Windows operating system. Starting with Windows 11, however, it is now included by default.
  • Power Automate: Windows 11 has a new feature called Power Automate which allows PC users to program ‘flows’ which create automated tasks such as notifying team members when new files are added to a specific location.
  • Widgets: the interface of Windows 11 now allows you to harness the power of widgets, a type of software which has been common on mobile devices for some time. These new desktop widgets allow you to install widgets which provide information “at a glance” on a slide-out menu such as calendar updates.
  • Security: one of the major security features of Windows 11 is that it will only run on new machines. Therefore, if your hardware is starting to look even slightly old, it’s unlikely Windows 11 will run on it. This means that Microsoft is setting a strong baseline to ensure PCs running Windows 11 are as up to date as possible. Built on top of this security foundation are several background security processes including updated stack protection and enhanced bootup security.
  • Interface Design: the most notable changes in Windows 11 relate to the visual aesthetics of the interface. The start menu has been overhauled to provide quicker access to the apps you need, notifications are now grouped together to make accessing them quicker and File Explorer has been redesigned to look smarter and more intuitive.

Final Thoughts

Installing updated software is always recommended to ensure your PC is running with the best protection and functionality. And upgrading to Windows 11 is no different. It’s an essential upgrade and one which, although certain features will require some adjustment time, will provide you with enhanced productivity and a smoother user experience.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Hackers are attracted to big, successful targets. And, online, you don’t get much bigger than e-commerce, so that’s where the NginRAT malware comes in.

The e-commerce industry is one of the most lucrative sectors online. Not surprisingly, hackers have been targeting this industry since the earliest online transactions took place. As the e-commerce landscape has provided such a long running target, hackers have developed their attack methods significantly in this niche. And this means that it’s getting harder and harder to protect against them. NginRAT is the latest development in this area, and it’s already launched attacks against e-commerce servers in the US, France and Germany.

The threat of NginRAT is very real and it’s one which demands your attention. Therefore, it’s important that you know what you’re dealing with and what you can do about it. And that’s why we’re going to take a closer look at it today.

What is the NginRAT Malware?

The name NginRAT may sound unusual, but the naming procedure employed here is relatively simple:

  • Ngin: This part of the name refers to the Nginx servers where NginRAT hides in order to avoid detection.
  • RAT: The second part of the NginRAT name stands for Remote Access Trojan. This means it is a malware strain which uses back door access to provide remote access to an infected machine.

NginRAT, itself, is actually delivered to victims through another piece of malware known as CronRAT. Once NginRAT has been deployed on a host server, it begins modifying the functionality of this host in order to hijack the Nginx application. This not only allows NginRAT to remain cloaked from security tools, but also lets it inject itself into Nginx web server use. From here, NginRAT is in a position where it can record user data. Now, as Nginx servers are typically used in e-commerce, this means that the hackers can steal sensitive data such as credit card details.

Can You Detect and Remove NginRAT?

The NginRAT is considered a sophisticated piece of malware and it’s unlikely that your average anti-malware tool is going to detect it. However, while it may be sophisticated, it’s far from unbeatable. Security researchers have discovered that it uses two specific variables to launch itself within Nginx servers: LD_PRELOAD and LD_L1BRARY_PATH. For the average PC user, identifying these variables will be beyond their scope. But an IT professional should be able to isolate these processes and begin a removal process.

Final Thoughts

If your organization is involved in the world of e-commerce, then it pays to be vigilant against malware such as NginRAT. The potential damage that a RAT can cause is immeasurable. Aside from the financial repercussions for yourselves and your customers, there is also the reputational damage to contend with. Unfortunately, tackling the NginRAT malware is far from easy. Investing in server monitoring services will not act as a comprehensive band-aid, but it will improve your chances of detecting any malicious activity. For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


With the digital world awash with malware, viruses and vulnerabilities, it’s hard to avoid security breaches. But does zero trust security have the answer?

Hundreds of thousands of new malware strains are created daily; the chances, therefore, of your organization being targeted are high. Typically, we use measures such as security education to enhance vigilance and tools such as anti-malware software to minimize breaches. But neither of these are 100% secure. In fact, no one security measure can ever be 100%. It’s possible, though, to maximize your security by introducing additional security measures. And this is where zero trust security can make a big difference.

The Lowdown on Zero Trust

When users log on to corporate networks, they are usually assigned a certain level of access control. This allows them to access the parts of the network that are required for them to do their job. So, for example, an employee in the finance department would have access to invoicing systems whereas this would be restricted to those in the marketing department. Such an approach allows you to limit unauthorized access to sensitive data. But the zero trust model takes things a step further.

Zero trust’s guiding ethos is one of “never trust, always verify” and it takes a hardline approach to access privileges. Rather than assuming that a device in a specific location should automatically be granted access to the network in that area, zero trust access demands verification every time resources are accessed. Instead of providing an element of trust, there is zero trust – hence the name of the model. It’s an approach which requires checking both the identity and health of the devices requesting access alongside mutual authentication.

How Can Zero Trust Help?

A significant number of security breaches are down to human error e.g. opening a malicious email attachment. But zero trust work to eliminate (or at the very least, minimize) this human error by bringing access control to the table. External devices, for example, can’t gain access to a secure network by using stolen network credentials – they need to prove that the device in question is authorized and that the user can provide authentication. Not only does this limit unauthorized external access to your network, but it limits the number of internal users who can access data which is unnecessary to their role.

Final Thoughts

Access control has been in place with IT infrastructures for decades, but the hardline model of zero trust access is one that all businesses should be shifting towards. In particular, large businesses with a multitude of different departments and employees are particularly at risk of security breaches. But this is only the case if all employees have access to the same resources. Questioning the integrity of specific devices – and foregoing any assumptions based upon location – is crucial when it comes to protecting your network.

If your organization does not already practice the zero trust model for access, then it’s time to get started. Plan your model by dividing your networks into specific sections and detailing who needs access to each one. You can then start putting additional security in place – such as two factor authentication – to strengthen your network and keep your data as safe as possible.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


Google’s Chrome browser is one of the most popular choices for accessing the internet, but this popularity makes it an enticing target for hackers.

A substantial number of business activities are conducted online in the 21st century. Accordingly, most organizations find themselves accessing the internet with a browser almost every minute of the day. But each time we venture online we open ourselves up to numerous security threats. Malicious websites, of course, are a well-known security risk. At the heart of these threats is a determined effort to conceal their malicious payload. And that’s why a malicious website can be difficult to spot.

Chrome has an estimated userbase of 2.65 billion users and, as such, presents the perfect opportunity for hackers to cast their net far and wide.

How Chrome is Targeted

This latest malware attack specifically targets Chrome users who are running the browser on the Windows 10 operating system. Upon visiting an infected website, Chrome’s legitimate ‘advertising service’ delivers an advert which claims that Chrome requires updating. However, the advert contains a malicious link. Clicking this link will take you to a website entitled ‘chromesupdate’ which is designed to look like an official Google site. Unfortunately, it’s far from genuine.

The only thing that you will be able to download from this malicious website is malware. The payload in question is typical of modern malware, its main objective is to harvest sensitive data and steal cryptocurrency. Therefore, any login credentials you enter, while your PC is infected, can be logged and then transmitted to a remote server. Worst of all, the malware also grants remote access to your workstation. This opens you up to further malware downloads and, potentially, harnessing your machine into a DDoS attack.

How to Protect Your Browsing

Chrome is targeted by this latest campaign due to the manipulation of a Windows environment variable which allows Chrome’s advertising service to be exploited. The simplest way to avoid this attack is by using a different browser. But there’s a much bigger picture at play here. A better approach is to use the browser you are most comfortable with but remain vigilant. To do this, make sure you follow these best practices:

  • Use Anti-Malware Software: Malicious websites can be detected prior to accessing them thanks to the power of anti-malware software. Backed by huge databases, which are regularly updated, anti-malware software can instantly alert users when they try to access websites known to be malicious.
  • Don’t Be Rushed: The main strategy employed by malicious websites will be to instill a sense of urgency into their call-to-actions. For example, the threat of an imminent infection if a Chrome update is not installed is designed to create urgency. And it’s this urgency which can catch you off guard. So, if you feel that a website is rushing you into making a decision, always make sure you speak to an IT professional before going any further.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More