{
	"id": "06119dd3-485e-4a0f-a3d4-e1667692ad99",
	"created_at": "2026-04-06T00:07:22.581151Z",
	"updated_at": "2026-04-10T13:12:32.267676Z",
	"deleted_at": null,
	"sha1_hash": "8ff639ca0ed382f90ed2516a4b09348f23958f97",
	"title": "Fake Windows 10 updates infect you with Magniber ransomware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2256073,
	"plain_text": "Fake Windows 10 updates infect you with Magniber ransomware\r\nBy Lawrence Abrams\r\nPublished: 2022-04-30 · Archived: 2026-04-05 21:38:39 UTC\r\nFake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier\r\nthis month.\r\nOver the past few days, BleepingComputer has received a surge of requests for help regarding a ransomware infection\r\ntargeting users worldwide.\r\nWhile researching the campaign, we discovered a topic in our forums where readers report becoming infected by the\r\nMagniber ransomware after installing what is believed to be Windows 10 cumulative or security update.\r\nhttps://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nPage 1 of 6\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nPage 2 of 6\n\nVisit Advertiser websiteGO TO PAGE\r\nThese updates are distributed under various names, with Win10.0_System_Upgrade_Software.msi [VirusTotal] and\r\nSecurity_Upgrade_Software_Win10.0.msi being the most common.\r\nOther downloads pretend to be Windows 10 cumulative updates, using fake knowledge base articles, as shown below.\r\nSystem.Upgrade.Win10.0-KB47287134.msi\r\nSystem.Upgrade.Win10.0-KB82260712.msi\r\nSystem.Upgrade.Win10.0-KB18062410.msi\r\nSystem.Upgrade.Win10.0-KB66846525.msi\r\nBased on the submissions to VirusTotal, this campaign appears to have started on April 8th, 2022 and has seen massive\r\ndistribution worldwide since then.\r\nWhile it's not 100% clear how the fake Windows 10 updates are being promoted, the downloads are distributed from fake\r\nwarez and crack sites.\r\nFake warez and crack sites pushing Magniber\r\nSource: BleepingComputer\r\nOnce installed, the ransomware will delete shadow volume copies and then encrypt files. When encrypting files, the\r\nransomware will append a random 8-character extension, such as .gtearevf, as shown below.\r\nhttps://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nPage 3 of 6\n\nFiles encrypted by Magniber\r\nSource: BleepingComputer\r\nThe ransomware also creates ransom notes named README.html in each folder that contains instructions on how to\r\naccess the Magniber Tor payment site to pay a ransom.\r\nMagniber ransom note\r\nSource: BleepingComputer\r\nThe Magniber payment site is titled 'My Decryptor' and will allow a victim to decrypt one file for free, contact 'support,' or\r\ndetermine the ransom amount and bitcoin address victims should make a payment.\r\nhttps://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nPage 4 of 6\n\nMagniber Tor payment site\r\nSource: BleepingComputer\r\nFrom payment pages seen by BleepingComputer, most ransom demands have been approximately $2,500 or 0.068 bitcoins.\r\nMagniber is considered secure, meaning that it does not contain any weaknesses that can be exploited to recover files for\r\nfree.\r\nUnfortunately, this campaign primarily targets students and consumers rather than enterprise victims, causing the ransom\r\ndemand to be too expensive for many victims.\r\nhttps://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nPage 5 of 6\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nhttps://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/"
	],
	"report_names": [
		"fake-windows-10-updates-infect-you-with-magniber-ransomware"
	],
	"threat_actors": [],
	"ts_created_at": 1775434042,
	"ts_updated_at": 1775826752,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8ff639ca0ed382f90ed2516a4b09348f23958f97.pdf",
		"text": "https://archive.orkl.eu/8ff639ca0ed382f90ed2516a4b09348f23958f97.txt",
		"img": "https://archive.orkl.eu/8ff639ca0ed382f90ed2516a4b09348f23958f97.jpg"
	}
}