Summary

  • Winos 4.0 is a type of malware that can steal cryptocurrency, passwords, and data, as well as monitor screenshots, webcams and microphones.
  • It is usually brought in by an unsuspecting user through a fake NSIS (Nullsoft Scriptable Install System) application, a type of software installer for Windows.
  • Always verify the digital signature of installers. Autoruns can be used to detect fake NSIS entries.
  • Windows has its own Security app, which can offer some protection by letting users prevent NSIS installers from executing and from adding exclusions to Windows Defender.
  • Unauthorised exclusions can also be removed in PowerShell, using the command: Remove-MpPreference -ExclusionPath C:,D:,E:,F:,G:,H:,I:,J:,K:,L:,M:,N:,O:,P:,Q:,R:,S:,T:,U:,V:,W:,X:,Y:,Z:.
  • Users can also restrict the PowerShell execution policy to stop bad scripts from running.
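
The checks above can be combined into one audit script. This is an added example, not code from the original article: it reports drive-wide Defender exclusions before removing anything, checks an installer's Authenticode signature, and lists the execution policy per scope. The parameter names $InstallerPath and $Remove are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Defender exclusions, installer signature and execution policy.
param(
    [string]$InstallerPath,   # hypothetical: downloaded installer to verify
    [switch]$Remove           # without this switch the script only reports
)

# 1. Flag path exclusions that cover a whole drive (C:, D:\ and so on).
$exclusions = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }
$driveWide  = @($exclusions | Where-Object { $_ -match '^[A-Za-z]:\\?$' })

if ($driveWide.Count -eq 0) {
    Write-Output 'No drive-wide Defender exclusions found.'
} else {
    Write-Warning ('Drive-wide exclusions present: ' + ($driveWide -join ', '))
    if ($Remove) {
        # Remove only the entries that actually exist, not a blanket C:..Z: list.
        Remove-MpPreference -ExclusionPath $driveWide
        Write-Output 'Drive-wide exclusions removed.'
    } else {
        Write-Output 'Re-run with -Remove to delete them.'
    }
}

# 2. Verify the installer's digital signature before running it.
if ($InstallerPath) {
    if (-not (Test-Path -LiteralPath $InstallerPath -PathType Leaf)) {
        Write-Warning "Installer not found: $InstallerPath"
    } else {
        $sig = Get-AuthenticodeSignature -LiteralPath $InstallerPath
        if ($sig.Status -eq 'Valid') {
            # A valid signature only proves who signed it; check that the
            # subject is the publisher you expect.
            Write-Output ('Signed by: ' + $sig.SignerCertificate.Subject)
        } else {
            Write-Warning ("Signature status '$($sig.Status)': do not run this installer.")
        }
    }
}

# 3. Show the effective execution policy at every scope.
Get-ExecutionPolicy -List | Format-Table -AutoSize
```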

By Sayak Boral

Original Article