Cybercriminals Make Fake Microsoft Store Tricking Victims Into Downloading Malware

While Microsoft has been providing security updates again and again fixing possible vulnerabilities that users might suffer, cybercriminals are now taking advantage of people's reliance on Microsoft by making a fake website to lure victims. Cybercriminals create a fake Microsoft Store identical to the official store in order to trick victims into actually downloading malware.

Cybercriminals Make Fake Website

Despite the consistent update releases, Windows is still reportedly vulnerable to quite a lot of malware. According to the story by SlashGear, It is actually way too easy to simply infect a Windows PC just by downloading a basic malicious application. The infection can happen even if users have an official app store.

Microsoft generally urges its users to only install and download the apps and softwares from the company's official channels. Despite providing the general warning, hackers were able to take advantage of the advice given by Microsoft. Since the company urged users to download only those apps on the Microsoft Store. Hackers have now created a fake website pretending to be the real Microsoft!

Can you get viruses from Microsoft store?

Just like all of the other app stores out there, it is really possible to browse through the fake Microsoft Store on any web browsers. When using a Windows machine, clicking directly on an app's given Install button will then launch the Microsoft Store app in order to complete the whole process. The difference with the fake website is that in any circumstances, it won't actually download anything at all.

Unfortunately, there are some people that are really used to downloading certain installers and other ZIP files from the internet without knowing the risk of doing so. When something looks like a legitimate Windows app page would start downloading something suspicious, the infection is so smooth that some people reportedly aren't aware that they are being infected.

Read Also: New DearCry Malware Found in About 7,000 Microsoft Exchange Servers

Microsoft Store Virus

Unfortunately, what the fake Microsoft Store would download would be a variant of Ficker or the FickerStealer info-stealing malware. According to the article by Bleeping Computer, this particular malware is actually very capable of stealing passwords directly from documents, taking screenshots of the victim's desktop, and even stealing digital cryptocurrency wallets!

The pieces of data are all packed into a simple ZIP file then easily sent back to the attacker for them to process. The cybersecurity firm known as ESET now notes that the whole campaign would also use other fake Spotify pages in order to trick people into downloading malicious malware.

It should also be very evident in the whole address bar, however, that these particular fake websites are not for real and that the apps and services they offer could be that of malware infection. Unfortunately, not a lot of people pay attention to the website address itself which should be enough to indicate whether a certain website is suspicious or not. Generally, most official websites are very direct with their URL and those with really messy URLs could be ripoff websites.

Related Article: Microsoft Office Files Now Used by Hackers to Spread Malware: IoT Under Attack

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics