It refers to the fake "Java Update 11" malware spotted recently

Jan 29, 2013 16:05 GMT

Windows users should be careful when prompted to update Java on their computers, so as not to end up installing malware instead, Microsoft warns in a recent blog post.

Java, a popular software platform from Oracle, was recently found to contain a series of vulnerabilities that could compromise affected systems, and cybercriminals saw this as a great opportunity to lure customers into downloading their malware.

“Cybercriminals often use fake virus alerts to lure you into buying fraudulent antivirus software. These alerts state that your computer or other device is at risk, but clicking a link in one of them could lead you to downloading malicious software,” Microsoft explains.

“In the case of the fake Java updates, cybercriminals are taking advantage of news about security vulnerabilities in Java and recommendations to update Java immediately.”

Soon after the aforementioned vulnerability was found, Oracle released Java 7 Update 11 to address it, and that release is what cybercriminals tried to exploit, it seems.

To ensure that they do not fall victim to an attack, users should consider updating Java on their machines only directly from the Oracle website.

Additionally, they should turn on the automatic update feature in Java, which should download new versions of the software to their devices automatically.

“If you don’t, then it’s a good idea to uninstall older versions of Java and disable Java in your browser like you would for any unused software,” Microsoft also notes.

Furthermore, the Redmond-based company notes that Java is only one of the pieces of software that cybercriminals target. To protect themselves, users should keep all apps on their computers up to date at all times.

“It’s important to keep all the software installed on your system up to date. For Microsoft software, you can use the Microsoft Update service,” the software giant also notes.

For additional info on the malware that hackers packed inside fake “Java Update 11,” have a look at this blog post.