TrojanDownloader:Win32/CryptedLoader.Z

Guidance for individual users

Keep your operating system and antivirus products up to date. The following steps also help to prevent such an attack:

• Pay close attention to where you’re downloading an application from as it may be a spoofed website — even if it’s from the first search result.
• Check the publisher to make sure it’s the expected, legitimate publisher for the application you’re trying to download.

To learn more about preventing trojans or other malware from affecting individual devices, read about preventing malware infection. For more tips on how to keep your device safe, go to the Microsoft security help & learning portal.

Guidance for enterprise administrators

Apply these mitigations to reduce the impact of this threat. Check the recommendations card for the deployment status of monitored mitigations.

Initial access

• Educate end users about protecting personal and business information in social media, filtering unsolicited communication, identifying lures in spear-phishing email and watering holes, and reporting of reconnaissance attempts and other suspicious activity.
• Encourage users to use Microsoft Edge and other web browsers that support SmartScreen, which identifies and blocks malicious websites. Turn on network protection to block connections to malicious domains and IP addresses.

Security controls

• Turn on attack surface reduction rules, including rules that block malware activity and other activities associated with human adversaries. To assess the impact of these rules, deploy them in audit mode.
• Use Microsoft Defender for Office 365 for enhanced phishing protection and coverage against new threats and polymorphic variants. Defender for Office 365 customers should ensure that Safe Links protection is enabled for users with Zero-hour Auto Purge (ZAP) to remove emails when a URL gets weaponized post-delivery.
• Ensure internet-facing assets have the latest security updates. Audit these assets regularly for suspicious activity.