
Beware Windows 7 users: Malware campaign targeting IoT devices

If you haven't upgraded to Windows 10 yet, you're at an increased risk of infection.

Alison DeNisco Rayome Managing Editor

Windows 7 is officially dead, now that Microsoft has ended support for the operating system -- which means no more security updates or patches. Despite this, an estimated 200 million devices are still running the out-of-date system, and a malware campaign is targeting IoT devices still using it, according to a new report from TrapX Security. 

The malware used in the campaign is a self-spreading downloader, which runs malicious scripts as part of the Lemon_Duck PowerShell malware variant family. At this point, it has targeted a range of devices at manufacturing sites, including smart printers, smart TVs, and automated guided vehicles (AGVs), the report found. 

"With Windows 7 end of life, important security patches are no longer researched or provided by Microsoft to end users," Ori Bach, CEO of TrapX Security, told CNET. "This can leave anyone using Windows 7 susceptible to attack, not only by existing malware or attackers, but also by any new campaigns that develop in the future, which will exploit unknown vulnerabilities in Windows 7."

[Image: Devices still running Windows 7 are at increased risk of malware attacks. Credit: Getty/Katie Collins - PA Images]

The end of Windows 7 support hits industries like manufacturing particularly hard, because they rely on embedded devices running the OS that cannot be updated easily, leaving networks open to attacks like this. The malware in this campaign could cause IoT devices to malfunction, potentially harming workers on the manufacturing floor, disrupting production, or leaking sensitive data, according to the report.


"The average person is not a target for this type of attack, but consumers should understand that just as mobile phones of the past are now blazing fast computers in our hands and are susceptible to attack, the IoT devices that they buy are getting more and more advanced and are becoming a target for hackers to exploit," Bach told CNET. 

To avoid attacks that target Windows 7 on your devices, Microsoft recommends that you either upgrade to Windows 10 (which you can still do for free), or buy a new Windows 10 machine. But if you're a Windows 7 mainstay, you should at least follow these Windows 7 security tips to keep your device as safe as possible. 
