Hardly a week goes by without major tech players discovering new malware or some zero-day vulnerabilities actively exploited by hackers.
Microsoft announced on April 12 that it had discovered a particularly aggressive malware that hides in the scheduled tasks of Windows 11 and 10.
Chinese malware infects Windows PCs
Cyberattacks never end. For several months, the number of malware and viruses that have polluted application stores and devices has continued to grow. A resurgence that has appeared since the start of the war in Ukraine, when hackers Chinese and Russian government affiliates attempt to steal personal data from users all over the world. Between fake antivirus applications on the Google Play Store or even a diversion of VLC to distribute dangerous malware, the examples are as numerous as they are alarming.
The latest comes from Hafnium, a China-backed hacker collective that directly attacked Windows 10 and 11 by exploiting unidentified zero-day flaws. Microsoft has indeed shared its latest discovery in this area: malware called Tarrask. According to the Redmond company, this malicious software would be able to create scheduled tasks in secret and then delete them out of the blue with subsequent commands. Under these conditions, the malware can easily be concealed and pass under the radar of traditional means of detection.
Hidden scheduled tasks that are hard to spot
More concretely, Chinese hackers have used scheduled tasks to maintain access to their victims’ devices even after a full reset and re-establishing broken connections with the C2 command and control infrastructure. Microsoft warns, they can only be found from a careful examination in the Windows registry editor by directly searching for the famous scheduled tasks which would not have an SD (security description) value in the task key.
Suffice to say that ordinary users will have a hard time countering and detecting this new malware. Microsoft still recommends administrators of Windows 11 and 10 PCs to enable ” Security.evtx and Microsoft-Windows-TaskScheduler/Operational.evtx to check for the possible presence of tasks hidden by the malware. Microsoft Defender will now be able to detect them as ” HackTool:Win64/Tarrask!MSR ” and ” HackTool:Win64/Ligolo!MS “.
To download
8
- Graphical redesign of the successful interface
- Improved Snap
- Effective anchor groups
To be completely honest, Windows 11 seems to us to be a good evolution of Windows 10. Beyond the very marketing aspect linked to the surprise effect (Windows 10 was presented as the last of the last, remember) and to the essentially graphical redesign of the interface, the update brings a bit of clarity and modernity that are welcome after six years spent with an OS designed to reconcile Microsoft and its audience. We also like the discreet details that make it more functional, such as the improved snap and anchor groups, or even the refined management of virtual desktops. Finally, we are really convinced by the redesign of the Microsoft Store. By agreeing to return to the exclusivity reserved for UWPs, Microsoft is effectively hitting where it is not expected and finally compels itself to catch up on Apple and Google.
To be completely honest, Windows 11 seems to us to be a good evolution of Windows 10. Beyond the very marketing aspect linked to the surprise effect (Windows 10 was presented as the last of the last, remember) and to the essentially graphical redesign of the interface, the update brings a bit of clarity and modernity that are welcome after six years spent with an OS designed to reconcile Microsoft and its audience. We also like the discreet details that make it more functional, such as the improved snap and anchor groups, or even the refined management of virtual desktops. Finally, we are really convinced by the redesign of the Microsoft Store. By agreeing to return to the exclusivity reserved for UWPs, Microsoft is effectively hitting where it is not expected and finally compels itself to catch up on Apple and Google.
Source : Microsoft
What is the best antivirus solution in 2022? Discover our complete comparison to help you find the one that best suits your needs.
Read more
3