New Exploit in the wake of Capital One Hack
August 13, 2019

Attackers are now exploiting news of the recent Capital One breach to push a malicious backdoor trojan via a phishing email purporting to offer a Windows Security Update. See the following example email:

Clicking the link in that email downloads a file named KB3085604.exe — named to resemble Microsoft patch files and security updates. Most antivirus programs have not been updated to detect this threat, meaning that education and attention to detail are currently our best defense.

The phishing email itself spoofs the targeted organization’s IT department, and the language used is sufficiently informal (as well as a little technical and even awkward) to appear credible.

We at LeafTech are here to assist with routine Windows updates and will not ask you to download an update sent via email. If you have any questions, or see any suspicious activity, please let us know by emailing support@leaftechit.com or call 720-319-8324 x2

Written by Jacob Baughn
Photo by Taskin Ashiq on Unsplash