back to article Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware

A cybercrime gang has been abusing Microsoft's Quick Assist application in social engineering attacks that ultimately allow the crew to infect victims with Black Basta ransomware. This, according to Redmond, which said the campaign has been ongoing since mid-April, and blamed a financially motivated group it tracks as Storm- …

  1. Anonymous Coward
    Anonymous Coward

    ... I was not aware Quick Assist was on my computer, installed by default. It never even occurred to me to have to check if I had remote access software on my computer.

    That's such an awful idea security-wise, why would they do that?

    That's yet another thing to add to "the list" to do to a new Windows install, next to disabling forced automatic updates, ads and copilot.

    1. Yorick Hunt Silver badge

      More of Microsoft's "you're too stupid to own a computer, so let us manage it all for you" mantra.

      To be fair, they've had "remote assistance" installed and enabled by default since at least XP (it's on the same settings tab as remote access), but the newer version is far easier to exploit and far harder to track down to disable/remove - and I'm sure that each and every update will re-enable/re-install it, just like they do with OneDrive, Teams and XBox crap.

      1. Pascal Monett Silver badge

        Exactly. Quick Assist is just the new name for it.

        And yes, I have always hunted that bastard down and disabled it every time I (re-) installed Windows, since XP (among other things).

      2. UnknownUnknown

        ‘Secure by Design’ ?

        1. Anonymous Coward
    2. MatthewSt

      From past experience it was worst of both worlds: it was installed out of the box but needed an update installing to actually work.

      Considering you need to have registered for a Microsoft account and be signed in to offer support it's a shame they can't just put some verification on that.

  2. Doctor Syntax Silver badge

    "Quick Assist is a software tool installed by default in Windows 11 that allows someone to share their PC or macOS device with a remote user"

    What could possibly go wrong?

  3. Mr Dogshit

    "That's such an awful idea security-wise, why would they do that?"

    Yeah, BAD MICROSOFT. NAUGHTY MICROSOFT. How dare they include a useful support tool for free?

    1. Anonymous Coward
      Anonymous Coward

      Re: "That's such an awful idea security-wise, why would they do that?"

      Exactly - I use it across my organisation, as it's free and it works. Why pay TeamViewer or Webex for the privilege of having your systems compromised if the real culprit is social engineering?

      1. sedregj

        Re: "That's such an awful idea security-wise, why would they do that?"

        Take a look at MeshCentral. Open Source and you host it yourself, with obvious security benefits. It is properly cross platform too.

        Its main developer used to work for Intel but was laid off and was snapped up by Microsoft. Development is continuing apace.

    2. nightflier

      Re: "That's such an awful idea security-wise, why would they do that?"

      I use it a lot. It works well. Security-wise, I find it just as good or better than "go to this website and download this executable". At least the user have to actively launch the application, enter a code, and click accept to allow the remote user to connect. Some other systems allow full remote control after two mouse clicks by the user.

      1. jaffy2

        Re: "That's such an awful idea security-wise, why would they do that?"

        I've always thought Quick Assist to be an undersold tool of Windows 11. Last time I used it, it did require a user initiated update through the Store.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like