Kaspersky (Securelist.com) recently revealed new malicious attacks that exploited vulnerabilities in Google Chrome and Windows 10. This attack chain was called PuzzleMaker.
The PuzzleMaker malware used Google Chrome to infect Windows PCs, where it achieved Administrator privileges and downloaded and installed a backdoor.
According to Kaspersky, the attacks were seen on April 14-15 and were targeted against specific companies.
PuzzleMaker downloaded malicious files that were disguised as Windows system files. This way, PuzzleMaker installed a backdoor that could perform these actions:
- download files,
- send files to the malicious actors,
- run code.
A backdoor does nothing harmful by itself, but it is very dangerous: through it, PuzzleMaker could let the malicious actors control the infected computer.
A reminder of the importance of security updates
So, what now? Is PuzzleMaker still dangerous? Probably not. Both Google and Microsoft have already fixed the issues that PuzzleMaker exploited. They did it by releasing security updates that are installed automatically by default.
Kaspersky suspects that PuzzleMaker was using a Google Chrome vulnerability that was patched on April 20th, a week after the observed PuzzleMaker attacks.
As for the Windows vulnerabilities, Kaspersky warned Microsoft about them. Microsoft then released security patches on the 8th of June (CVE-2021-31955, CVE-2021-31956).
By the principle of coordinated vulnerability disclosure, security companies and researchers who discover vulnerabilities are encouraged to contact the affected company (such as Google or Microsoft).
- If nobody is exploiting the vulnerability, then researchers are supposed to hold off reporting on it until after the fix is released. This should keep all of us safe by keeping criminals from learning about the bug and abusing it.
- If the vulnerability is being exploited and there’s no fix for it yet, then researchers and the software vendor try to inform the public responsibly.
How to keep your computer safe?
As mentioned, PuzzleMaker should no longer work. Both Google and Microsoft have fixed the relevant security flaws. But how can you keep your PC safe from other, similar threats that might emerge in the future, or that could be out there right now?
The files that PuzzleMaker downloaded on infected computers are flagged by security programs. On Virustotal.com, they are given labels like Trojan, Unsafe, and Generic.
At the time of writing, only 12/67 scanners on Virustotal.com flag the malicious file shared by Kaspersky.
Antivirus programs are great, but they are not as important for security as software updates: in this case, browser (Google Chrome) and operating system (Microsoft Windows) updates.
While keeping up with updates doesn't guarantee that your computer will be safe from all exploits, it helps. For example, WannaCry spread through a vulnerability that had been patched before the attack. The problem was that the victims hadn't applied the security update.
Check if your Windows 10 has the latest updates. Some users have problems with automatic reboots after updates. Make sure that your active hours are set up correctly. That way, you can avoid auto-restart for updates during active hours.
Updating Google Chrome is also automatic. You can check if an update is pending and then relaunch the browser to install it.
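The checks recommended above, as an added PowerShell example (not from the article or from Kaspersky): it lists recently installed Windows updates, asks Windows Update for pending ones, reads the configured active hours, and reports the installed Chrome version. It assumes the active-hours values live under the WindowsUpdate\UX\Settings registry key, that Chrome is installed in one of the usual folders, and that a downloaded-but-not-yet-applied Chrome update is staged as new_chrome.exe next to chrome.exe.

```powershell
# Added example (not from the article): a read-only check of the update
# posture the article recommends. Run in PowerShell on Windows 10.
function Get-UpdatePosture {
    $report = [ordered]@{}

    # 1. Most recently installed Windows updates (Get-HotFix reads the
    #    Win32_QuickFixEngineering data; InstalledOn may be empty on some hosts).
    $report.RecentHotfixes = Get-HotFix |
        Where-Object InstalledOn |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 5 HotFixID, Description, InstalledOn

    # 2. Updates Windows Update knows about but has not installed yet.
    #    Uses the Microsoft.Update.Session COM API; needs network access.
    try {
        $searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
        $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
        $report.PendingWindowsUpdates = @($pending | ForEach-Object { $_.Title })
    } catch {
        $report.PendingWindowsUpdates = "search failed: $($_.Exception.Message)"
    }

    # 3. Active hours, so an automatic restart does not hit the user mid-work.
    #    Assumption: stored as DWORD hours of the day (0-23) under this key.
    $ux = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\UX\Settings'
    $props = Get-ItemProperty -Path $ux -ErrorAction SilentlyContinue
    $report.ActiveHours = if ($props -and $null -ne $props.ActiveHoursStart) {
        '{0:00}:00 - {1:00}:00' -f $props.ActiveHoursStart, $props.ActiveHoursEnd
    } else { 'not set (Windows default applies)' }

    # 4. Chrome: installed version, and whether an update is already downloaded
    #    but waiting for a relaunch (assumption: staged as new_chrome.exe).
    $chromeDirs = @(
        "$env:ProgramFiles\Google\Chrome\Application",
        "${env:ProgramFiles(x86)}\Google\Chrome\Application",
        "$env:LOCALAPPDATA\Google\Chrome\Application"
    )
    $dir = $chromeDirs | Where-Object { Test-Path "$_\chrome.exe" } | Select-Object -First 1
    if ($dir) {
        $report.ChromeVersion = (Get-Item "$dir\chrome.exe").VersionInfo.ProductVersion
        $report.ChromeRelaunchNeeded = Test-Path "$dir\new_chrome.exe"
    } else {
        $report.ChromeVersion = 'Chrome not found in the usual locations'
    }

    return [pscustomobject]$report
}

Get-UpdatePosture | Format-List
```

Pending Windows updates and a ChromeRelaunchNeeded of True are the two results worth acting on: install the updates, and relaunch Chrome.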