The latest threat? Trojan malware so cleverly disguised that it can fool even experienced users: “Big Head”, a pest that hides behind fake Windows updates and Microsoft Word installers.

The Wolf in Sheep's Clothing: Big Head Trojan

The strategy of hiding malware in seemingly legitimate software is not new. What makes “Big Head” special is the way it operates. The unsuspecting user believes they are running a useful Windows update; in the background, however, the malware installs itself and begins encrypting the system.

This perfidious strategy was discovered by security researchers at Fortinet and described in a detailed report by Trend Micro.

The many faces of “Big Head”

“Big Head” is distributed in three variants. Each variant is designed to maximize the effectiveness of the malware.

One variant displays a fake Windows Update window, suggesting that the ransomware was distributed as a fake Windows Update installer. Another variant shows a Microsoft Word icon and was probably offered as a fake download.

Big Head is a .NET binary that drops three AES-encrypted files on the target system. One of them is used to spread the malware, another communicates with a Telegram bot, and the third encrypts files and can also display a fake Windows update to the user.

The nasty tricks of “Big Head”

Once activated, the ransomware performs a series of actions. It creates a registry key, overwrites existing files, sets the attributes of system files, and disables Task Manager. Shadow copies are then deleted to prevent easy system restore, after which the files are encrypted and given a “.poop” extension.

But that is not all. To prevent interference with the encryption process and the recovery of the data it holds hostage, Big Head also terminates various security processes. In this way, the malware stops antivirus programs from interrupting its malicious work.

During encryption, the ransomware displays a screen that simulates a legitimate Windows update. Once the encryption is complete, the ransom note is placed in various directories and the victim's screen wallpaper is changed to indicate the infection.
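The behaviour chain described above (shadow copies deleted, Task Manager disabled, files renamed to “.poop”) is what a defender would look for in endpoint telemetry. The following detector is an added example, not code from the article or from the cited reports: it runs over constructed sample events in an assumed “type|field|field” format, and it assumes the Task Manager is disabled via the standard Windows DisableTaskMgr policy value, which the article does not name.

```python
import re
from collections import Counter

# Constructed sample events (not real telemetry). The line format
# "<event_type>|<field1>|<field2>" is an assumption of this example.
SAMPLE_EVENTS = [
    "process|C:\\Windows\\System32\\vssadmin.exe|vssadmin delete shadows /all /quiet",
    "registry|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System\\DisableTaskMgr|1",
    "file_rename|C:\\Users\\alice\\Documents\\report.docx|C:\\Users\\alice\\Documents\\report.docx.poop",
    "file_rename|C:\\Users\\alice\\Pictures\\cat.jpg|C:\\Users\\alice\\Pictures\\cat.jpg.poop",
    "file_rename|C:\\Users\\alice\\notes.txt|C:\\Users\\alice\\notes.bak",
]

# Shadow-copy deletion via vssadmin, as the article describes.
SHADOW_DELETE = re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.IGNORECASE)
# Assumed mechanism for "disables Task Manager": the DisableTaskMgr policy value.
TASKMGR_KEY = re.compile(r"\\Policies\\System\\DisableTaskMgr$", re.IGNORECASE)
# Extension the article reports for encrypted files.
RANSOM_EXT = ".poop"


def classify_event(line):
    """Map one event line to the Big Head behaviour it matches, or None."""
    parts = line.split("|")
    if len(parts) != 3:
        return None
    kind, field1, field2 = parts
    if kind == "process" and SHADOW_DELETE.search(field2):
        return "shadow_copy_deletion"
    if kind == "registry" and TASKMGR_KEY.search(field1) and field2.strip() == "1":
        return "task_manager_disabled"
    if kind == "file_rename" and field2.lower().endswith(RANSOM_EXT):
        return "poop_extension_rename"
    return None


def detect_big_head_chain(events, min_renames=2):
    """Count matched behaviours and flag the chain: shadow copies removed
    plus either the Task Manager policy or a burst of '.poop' renames."""
    hits = Counter(c for c in map(classify_event, events) if c)
    suspicious = hits["shadow_copy_deletion"] > 0 and (
        hits["task_manager_disabled"] > 0
        or hits["poop_extension_rename"] >= min_renames
    )
    return {"hits": dict(hits), "suspicious": suspicious}


if __name__ == "__main__":
    print(detect_big_head_chain(SAMPLE_EVENTS))
```

A single “.poop” rename without shadow-copy deletion is deliberately not flagged, so ordinary file renames do not trigger the alert.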

Average users targeted

Big Head appears to specifically target consumers who are easily fooled by fake Windows updates or have difficulty understanding and implementing security measures. This means it is less of a threat to companies and more of a threat to individual users.

Big Head ransomware is an alarming example of the sophisticated techniques cybercriminals use to infiltrate their victims' systems. The malware is disguised as legitimate software, such as a Windows update or a Microsoft Word installer, which tricks users into infecting their own systems. Once this happens, the malware performs a series of actions.

The aim is to encrypt the system and force the user to pay a ransom. What is particularly concerning is that this ransomware specifically targets less tech-savvy consumers who may not be able to detect the threat until it is too late.

Conclusion

Vigilance is essential in the digital age. Software should be updated regularly, and only trustworthy sources should be used for downloads.

Users should keep their antivirus programs up to date and run scans at regular intervals. Ultimately, the best defense against threats like Big Head is user awareness and training.
