Threat IntelligenceApr 8, 2026
systemautoupdater[.]com mon.systemautoupdater[.]com 23.27.141[.]44 š¤ š¤·āāļø https://t.co/ExbR94BUE2
Suspicious domains and IP address associated with system updater malware infrastructure identified.
Summary
Security researchers have identified malicious infrastructure related to a fake system updater campaign, including two domains (systemautoupdater[.]com and mon.systemautoupdater[.]com) and an associated IP address (23.27.141[.]44). This appears to be part of a broader malware distribution or command-and-control network leveraging legitimate-sounding system update branding.
Indicators of Compromise
- domain ā systemautoupdater[.]com
- domain ā mon.systemautoupdater[.]com
- ip ā 23.27.141.44
Entities
System Updater Malware Campaign (campaign)