Malware campaign targets companies waiting for Kaseya security patch

While the world continues to wait for Kaseya to issue an update to patch VSA installations against a vulnerability exploited by the REvil ransomware gang, security firm Malwarebytes has spotted a malware campaign which is taking advantage of the vacuum.

In a tweet, security researchers shared details of a malicious email that was sent to a business in the UK, posing as a security update.

Guys please install the update for microsoft to protect against ransomware as soon as possible. This is fixing a vulnerability in Kaseya.

Attached to the email was a file called SecurityUpdates.exe, and a link in the email pointed to a server hosting a malicious download.

The intent of the attack appears to have been to install Cobalt Strike, which could have granted malicious hackers remote access to the targeted company’s network and PCs.

It should go without saying that you should always get security updates directly from the vendor, rather than trust attachments and links that have been emailed to you.

The latest news from Kaseya is that its attempt to bring its SaaS services back online has failed, missing its original target of having systems online and accessible by July 7th, 6 AM US EDT:

During the VSA SaaS deployment, an issue was discovered that has blocked the release. Unfortunately, the VSA SaaS rollout will not be completed in the previously communicated timeline. We apologize for the delay and R&D and operations are continuing to work around the clock to resolve this issue and restore service. We will be providing a status update at 8 AM US EDT.

It’s unclear presently whether its patch for on-premises VSA software is similarly delayed, but I wouldn’t be surprised.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.
