Trojan:JS/FakeUpdate.C

Guidance for individual users

• Keep your operating system and antivirus products up to date. Customers who have turned on automatic updates do not need to take additional action.

Take these steps to help prevent malware infection on your computer.

Guidance for enterprise administrators

Apply these mitigations to reduce the impact of this threat.

• Turn on network protection to block connections to malicious domains and IP addresses.
• Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
• Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites, including sites that host malware.
• Educate end users about preventing malware infections and the threat posed by questionable software updates offered while browsing the internet.
• Turn on tamper protection features to prevent attackers from stopping security services.
• Enforce strong, randomized local administrator passwords. Use tools like LAPS.
• Limit access to critical systems by segregating your network and monitor these systems more closely. Require multi-factor authentication on these systems to reduce the impact of compromised credentials.
• Run EDR in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when your non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected post-breach.
• Enable investigation and remediation in full automated mode to allow Microsoft Defender for Endpoint to take immediate action on alerts to resolve breaches, significantly reducing alert volume.
• Use device discovery to increase your visibility into your network by finding unmanaged devices on your network and onboarding them to Microsoft Defender for Endpoint.
• Turn on the following attack surface reduction rules to block or audit associated ransomware and human adversary activities. To assess the impact of these rules, deploy them in audit mode.
• Block execution of potentially obfuscated scripts
• Block JavaScript or VBScript from launching downloaded executable content
• Block process creations originating from PsExec and WMI commands
• Use advanced protection against ransomware
• Block credential stealing from the Windows local security authority subsystem (lsass.exe)
• Use the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among endpoints whenever possible. This limits lateral movement as well as other attack activities.
• Keep backups so you can recover data affected by ransomware and destructive attacks. Use controlled folder access to prevent unauthorized applications from modifying protected files.