HP warns users to beware of fake update epidemic

HP warns users to beware of the fake update epidemic. If not careful, it may be infected with malware.

According to a report by the Security Brief Asia website, this report refers to the Threat Insights Report of the famous computer and IT equipment manufacturer HP. This report is based on the data acquisition of endpoints using the company's security products, HP Wolf Security, which are millions of devices. The data collected is interesting about the campaigns often used by hackers to release malware into their customers:

The use of pseudo-legal intimidation

According to the report, hackers have been detected to deceive victims. Contacts come from government agencies, usually law enforcement agencies, threatening that if the victim does not comply, they will lead to a lawsuit. Hackers will deceive the victim into a fake agency website specifically created to deceive the victim. After the victim enters the site, the site will automatically scroll (Auto-Scrolling) to gradually lure the victim to a password similar to an OTP or One-Time Password to open a zip-based compression file that deceived the victim to download earlier.

After the victim enters the code to open the file, it will lead to the installation of a malware in the form Remote Access Trojan or RAT called PureRAT, a malware type that remotely controls the machine that is sold on the hacker's black market, opening the way for hackers to gain complete control of the victim's machine. This malware is very malicious because only 4% of the files associated with this malware can be detected by anti-malware tools.

Fake Update of Adobe Software

This section is so intriguing that it has become the subject of this news, as the report has revealed that hackers have implemented fake PDF document files with code implantation in getting victims to fake websites claiming to be websites for updating Adobe Acrobat Software, a software for reading Adobe PDF files.

The installation screen is the same as the genuine updresser. However, if the victim follows the procedure, it will lead to downloading a software used to access other people's machines called ScreenConnect, a Remote Desktop software for the IT team to modify the user's machine according to the organization. Instead, it was modified to return to the hacker's server, opening the way to take control of the victim's machine instead, so that it can be counted as a RAT malware.

Hosting malware results in Discord chat services

Interestingly, the report also discusses the popularity of hackers to adopt Discord chat as an infrastructure to host malware files (payload) due to the reliability of the platform and the savings that do not cost the infrastructure itself.

One of the campaigns that has obvious use of this channel is the Phantom Stealer malware release campaign, which is a malware type that steals data from the victim's machine, or an Infostealer that has the ability to disable Windows 11 Memory Integrity or the Windows 11 memory section security feature before embedding it on the victim's machine. This malware has the ability to steal a variety of data, such as passwords, financial data, web browser cookies, etc. This malware is sold on the black market of hackers, whose ability to evade is updated. Being consistently detected by new anti-malware tools

Growth of data theft type malware or Infostealer

The report also found that the Infostealer type of malware experienced a huge growth during Q3 2025 (2025), of which, out of all malware, over 57% were malware types, with the malware itself focused on stealing passwords, file cookies, and various financial information.

Also interesting is the growth of malware focused on stealing Session Cookies for access to services and websites without logging in, replacing password theft, or multi-layer authentication codes (MFA or Multi-Factors Authentication).

Attaching malware files via email is still in use.

Although it is an old method of spreading malware, it is still in use today even less. HP has reported that only 11% of emailed malware is detected by the Sure Click tool as being able to get out of the email filter. The files that are often used to send emails are as follows:

Compressed files are still very popular, with last year's most recent quarter slot being up to 45%, 5% more than the previous quarter. In addition, hackers have been found to have made this approach even more sophisticated by using .tar and .z genus compressed files instead of the familiar .Zip and .Rar.

While PDF files, although less commonly used, are becoming more popular than ever. During the 3rd quarter of 2025, the HP Wolf Security tool can detect and extract up to 11% of such files, 3% more than the previous quarter.

# Trending # hp # lemon 8 diary # it # freedomhack