Malware spread through updates: how to protect your PC

When some software on your computer signals the need to update, you typically just hit the OK button and don’t think twice about it, right? Same as millions of other users all over the world. In most cases, everything goes smoothly: with your permission, the program downloads a package and installs it, sometimes requesting a reboot afterwards. Recently, however, an attack pattern was spotted that turns this routine approach to software updates into a malicious practice.

On August 2, 2024, Volexity, a cybersecurity company, published a blog post reporting how StormBamboo, a hacker group presumably also known as StormCloud, Evasive Panda, and Daggerfly, compromised an unnamed internet service provider (ISP) and implemented a “machine-in-the-middle” setup. This pattern, as its name suggests, involves putting the wrongdoer’s hardware into the path of traffic with the aim of returning some malicious code to the computers of users who remain oblivious to what is really happening because everything looks and feels normal to them.

What is DNS poisoning?

In this particular case, we are dealing with DNS poisoning. As you know, DNS (the Domain Name System) is the backbone mechanism that resolves site names into the numerical addresses of the servers from which the content of those sites is fetched. StormBamboo managed to replace those addresses and drive a portion of the traffic passing through the compromised ISP to their own server. There, users received malware under the guise of updates for several programs, including 5KPlayer, Quick Heal, Rainmeter, Partition Wizard, plus some software from Corel and Sogou.
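As an added example (not code from the original post or from any of the vendors named), this Go program shows the client-side check that defeats such a redirect: the updater pins the publisher's Ed25519 public key and verifies a signed manifest plus the package digest before installing, so a server reached through poisoned DNS cannot substitute its own package or manifest. The key pair, manifest format and package bytes are all constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is the constructed update metadata an updater would download.
// The publisher signs version and digest; the client pins the publisher key.
type Manifest struct {
	Version string
	SHA256  string // hex SHA-256 of the package bytes
	Sig     []byte // Ed25519 signature over Version + "\n" + SHA256
}

func manifestBytes(version, sum string) []byte { return []byte(version + "\n" + sum) }

// SignManifest is the vendor's release-time step, included so the example is self-contained.
func SignManifest(priv ed25519.PrivateKey, version string, pkg []byte) Manifest {
	sum := sha256.Sum256(pkg)
	hexSum := hex.EncodeToString(sum[:])
	return Manifest{Version: version, SHA256: hexSum, Sig: ed25519.Sign(priv, manifestBytes(version, hexSum))}
}

// VerifyUpdate is the client-side check. A redirected download server can swap
// the package or rewrite the manifest, but cannot sign with the pinned key.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, pkg []byte) error {
	if !ed25519.Verify(pinned, manifestBytes(m.Version, m.SHA256), m.Sig) {
		return errors.New("manifest signature invalid: not signed by the pinned publisher key")
	}
	sum := sha256.Sum256(pkg)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("package digest does not match the signed manifest")
	}
	return nil // only now is it safe to install
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed publisher key pair
	genuine := []byte("constructed genuine installer bytes")
	m := SignManifest(priv, "1.2.3", genuine)
	fmt.Println("genuine update:", VerifyUpdate(pub, m, genuine))
	fmt.Println("swapped package:", VerifyUpdate(pub, m, []byte("trojanised installer")))
	_, evilPriv, _ := ed25519.GenerateKey(rand.Reader) // attacker has no access to the pinned key
	evil := SignManifest(evilPriv, "1.2.4", []byte("trojanised installer"))
	fmt.Println("attacker-signed manifest:", VerifyUpdate(pub, evil, []byte("trojanised installer")))
}
```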

What was the malware involved?

According to Volexity, the malicious code distributed in this campaign was MACMA for macOS/iOS devices and POCOSTICK for hardware running Windows.

MACMA, first reported in 2021 by Google’s Threat Analysis Group, is a backdoor that, once deployed, gives its operator a wide range of capabilities in the infected system, from fingerprinting through screen capture to file management and execution of commands in the terminal, plus the expected keylogging and, if the device has a mic, audio recording.

POCOSTICK, a piece of malware for Windows systems, was spotted for the first time in 2014 by ESET as MgBot, a backdoor framework believed to be the signature product of StormBamboo. It gives the deploying party pretty much the same array of tools as MACMA, so the threat is more than real.

Protect your computer from malware in software updates with Software Informer

Phishing may be the most widely known way of distributing malware, but, essentially, it all boils down to downloading and executing (opening) a file on your computer. Software updates are so common that we don’t really pay much attention to them, which makes them perfect carriers of malicious code.

Antivirus software protects you from most threats, but updates can sneak under the radar. Install Software Informer to fully shield your computer from malware distributed through compromised update routines:

  • all new versions of programs that you receive through our updater are pre-scanned for viruses,
  • all links to software products you see in the app are checked through the Google Safe Browsing service.

We could say that making software updates safe is a selling point for the Informer application, but we don’t sell this program: it’s free! Join 5+ million users who already feel safe with Informer.

Get your copy of Software Informer
