DARKReading: Fake Google Software Updates Spread New Ransomware.

[1]https://www.darkreading.com/attacks-breaches/attacker-using-fake-google-software-update-to-distribute-new-ransomware

"HavanaCrypt" is also using a command-and-control server that is hosted on a Microsoft Hosting Service IP address, researchers say.

[2]Jai Vijayan, [3]Contributing Writer, Dark Reading
July 11, 2022

Threat actors are increasingly using fake Microsoft and Google software updates to try to sneak malware onto target systems.

The latest example is "HavanaCrypt," a new ransomware tool that researchers from Trend Micro recently discovered in the wild disguised as a Google Software Update application. The malware's command-and-control (C2) server is hosted on a Microsoft Web hosting IP address, which is somewhat uncommon for ransomware, according to Trend Micro.

Also notable, according to the researchers, are HavanaCrypt's many techniques for checking whether it is running in a virtual environment; the malware's use of code from open source key manager KeePass Password Safe during encryption; and its use of a .NET function called "QueueUserWorkItem" to speed up encryption. Trend Micro notes that the malware is [4]likely a work-in-progress because it does not drop a ransom note on infected systems.

References

1. https://www.darkreading.com/attacks-breaches/attacker-using-fake-google-software-update-to-distribute-new-ransomware
2. https://www.darkreading.com/author/jai-vijayan
3. https://www.darkreading.com/author/jai-vijayan
4. https://www.trendmicro.com/en_us/research/22/g/brand-new-havanacrypt-ransomware-poses-as-google-software-update.html