Windows has a history of attackers creating malicious installs of its operating system, noted Leo Pate, a managing consultant with nVisium, an application security provider in Herndon, Va.
“Hackers do this in order to create backdoors into a user’s machine,” he told TechNewsWorld. “By introducing this backdoor, attackers are able to control all aspects of a Windows user’s environment, resulting in a full loss of privacy.
“Microsoft has placed safeguards around people attempting to upgrade their machines to the latest platform version,” Pate explained. “If their machines don’t meet certain requirements, Microsoft won’t allow them to upgrade those machines.”
“Because of this, users will look for other places where they can receive this upgrade,” Pate said. “It’s in these places where attackers will willingly provide the software that Microsoft won’t – along with their own backdoors, of course.”
In addition, there are always users looking for ways to save money when it’s time to upgrade. “If they are tricked that there is a cost to upgrade, and they can save money by downloading some software, they’ll download the software,” he noted.
He added that consumers are more likely to be tempted to go outside authorized channels for an upgrade than businesses.
“Corporate America typically will wait six to 12 months before deployment and after testing of all associated applications that run on it and drivers,” he said. “The home user typically wants new and shiny stuff right away so they can be a victim of such a ruse.”
Secure Supply Chain:
“I don’t believe this is an example of a supply chain attack, as Microsoft would need to have their codebase compromised, which generally results in users downloading malicious platform upgrades through legitimate Windows services,” Pate explained.
“At this time, I haven’t heard of Microsoft’s codebase being weakened or affected by this development,” he added.