An emerging threat dubbed “cluster bomb malware” is infecting systems globally with a massive payload of malware. It’s easy to wonder: what is cluster bomb malware, and how can you protect your devices? Here’s what you should know.

What Is Cluster Bomb Malware?

Cluster bomb malware is a technique hackers use to infiltrate computer systems with a package of unrelated malware rather than any one specific application or set of related applications.

The cluster bomb, once activated, essentially opens each successive piece of malware in a “tree” of stages. Typical cluster bombs include “stealer” applications that harvest personal information, such as Redline and Mystic Stealer, and loader programs like SmokeLoader that help hackers gain more access to your computer. The malware also appears different, depending on the target. As per Outpost24, researchers at KrakenLabs spotted malware delivering between four and seven different stages.

According to security researcher Hector Garcia, 50% of the uploaded samples of cluster bomb malware on VirusTotal originated from the United States. Businesses and organizations seem to be the primary targets, but it’s impossible to know because many regular users don’t upload virus samples.

The organization behind the cluster bomb malware, known as Unfurling Hemlock, seems to have an overall objective of infecting as many systems as possible and making financial gain by stealing people’s personal information and logins. While cluster bomb malware is still rare, it’s vital to protect yourself.

How to Protect Yourself From Cluster Bomb Malware

While it’s impossible to completely guard your computer from viruses, there are steps you can take to protect yourself from cluster bomb malware. Furthermore, most of the malware launched using Unfurling Hemlock’s cluster bomb malware is relatively well-known, so your existing antivirus and antimalware solutions should take care of it—so long as you’re up to date!

Guard Your System With Antivirus

First and foremost, it’s important to guard your system with a good antivirus application. Windows Security is normally a good option, but the package of malware used in cluster bombs usually includes an application capable of disabling Windows Security.

Windows Security is still one of the best antivirus applications out there, but it doesn’t hurt to use another antivirus application if you want to cover your bases. You’ll just need to adjust your settings to prevent Windows Security from blocking other antivirus applications.
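
Because these packages usually include a tool capable of disabling Windows Security, it is worth confirming that its protections are still switched on. The following is an added example, not part of the original article, meant to be run from an elevated PowerShell prompt; the function name Test-DefenderHealth and the three-day signature threshold are assumptions made for this example.

```powershell
# Added example: report Microsoft Defender settings that should be on but are not.
# Uses the built-in Defender cmdlets Get-MpComputerStatus and Get-MpPreference.
# Test-DefenderHealth and the 3-day threshold are assumptions made for this example.
function Test-DefenderHealth {
    param([int]$MaxSignatureAgeDays = 3)

    $status   = Get-MpComputerStatus
    $prefs    = Get-MpPreference
    $findings = [System.Collections.Generic.List[string]]::new()

    # Protection components that should all report True on a healthy system.
    $mustBeOn = 'AMServiceEnabled', 'AntivirusEnabled', 'RealTimeProtectionEnabled',
                'BehaviorMonitorEnabled', 'IoavProtectionEnabled', 'OnAccessProtectionEnabled'
    foreach ($name in $mustBeOn) {
        if (-not $status.$name) { $findings.Add("$name is off") }
    }

    # Tamper protection stops other programs from changing Defender settings.
    if (-not $status.IsTamperProtected) { $findings.Add('Tamper protection is off') }

    # Stale signatures mean even well-known malware may go undetected.
    if ($status.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Signatures are $($status.AntivirusSignatureAge) days old")
    }

    # Preference switches that disable scanning when set to True.
    $mustBeFalse = 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring', 'DisableIOAVProtection'
    foreach ($name in $mustBeFalse) {
        if ($prefs.$name) { $findings.Add("$name is set") }
    }

    # Exclusions you did not add yourself deserve a second look.
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        foreach ($entry in @($prefs.$kind)) {
            if ($entry) { $findings.Add("${kind}: $entry") }
        }
    }

    if ($findings.Count -eq 0) { 'Defender looks healthy: no issues found.' }
    else { $findings }
}

Test-DefenderHealth
```

If you have deliberately installed another antivirus application, Windows Security hands real-time protection to it, so some of these components reporting off is expected in that case.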

Browse the Web and Open Emails Carefully

It’s also important for you to browse the web carefully. Unfurling Hemlock, the group behind the attack, spreads the infection through malicious emails with a “WEXTRACT.EXE” file. If that file executes, it unpacks the malware contained in the cluster bomb.

Since emails are Unfurling Hemlock’s primary transmission method, you may avoid most of the threat by scrutinizing the emails you receive and refusing to open anything suspicious. Cluster bomb malware isn’t known to spread in other ways, but good browsing habits will also help keep your devices safe.

Keep Your System Up-to-Date

Most importantly, you should keep your system up-to-date to defend it from all forms of malware. Windows frequently releases updates that include security patches, which are usually installed automatically.

You can double-check whether your system is configured to update automatically by navigating to Settings > Update & Security > Windows Update. If your computer needs any security patches, there will be a red message reading “Your device is missing important security and quality fixes.”

You can install these fixes by scrolling to the bottom of the page and clicking the Download button. You can also make newer security updates available to you by enabling the “Get the latest updates as soon as they’re available” toggle lower on the page.