Whether it comes from advertisements on search engine results pages or through well-known websites, malvertising seems to be experiencing a revival these days. Today’s browsers are more secure than they were five or ten years ago, therefore many of the assaults we are seeing require social engineering in some way.
Users are being redirected by a threat actor to what appears to be a Windows security update via fraudulent advertising. Because it depends on the web browser to provide a full-screen animation that closely mimics what you might expect from Microsoft, the scheme is really well developed. A recently discovered loader, which at the time of the campaign was unaware of malware sandboxes and managed to get past almost all antivirus engines, is being used by the phoney security update.