Sunday, December 22, 2024
Advertisement
  1. You Are At:
  2. News
  3. Technology
  4. Microsoft takes action against malware distribution through 'App Installer'

Microsoft takes action against malware distribution through 'App Installer'

As mentioned in the report, the observed activity includes spoofing legitimate applications, luring users into installing malicious MSIX packages posing as legitimate applications, and evading detections on the initial installation files.

Edited By: Saumya Nigam @snigam04 New Delhi Published : Dec 31, 2023 18:21 IST, Updated : Dec 31, 2023 18:21 IST
Microsoft takes action against malware distribution through
Image Source : FILE Microsoft takes action against malware distribution through 'App Installer'

Microsoft has disabled its ms-app installer URI scheme (App Installer) after observing that the threat actors are using the tool to distribute malware. As per the blog from Microsoft Threat Intelligence, the tech giant has been observing threat actors since mid-November 2023.

Microsoft stated. "Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilising the ms-appinstaller URI scheme (App Installer) to distribute malware.”

It further added, "In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks. In response to this activity, Microsoft has disabled the ms-appinstaller protocol handler by default.”

The tech giant notes the observed threat actor’s activity which was involved in the exploitation of the current implementation of the ms-appinstaller protocol handler. This misuse serves as an access vector for malware, which potentially results in the distribution of ransomware.

Furthermore, it observed the multiple cybercriminals who are selling a malware kit as a service that abuses the MSIX file format and ms-appinstaller protocol handler.

The company stated, "These threat actors distribute signed malicious MSIX application packages using websites accessed through malicious advertisements for legitimate popular software. A second vector of phishing through Microsoft Teams is also in use by Storm-1674.”

According to Microsoft, hackers have likely chosen the ms-appinstaller protocol handler vector because "it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats".In mid-November of this year, Microsoft Threat Intelligence discovered many cyber gangs employing App Installer as a conduit for ransomware operations.

As mentioned in the report, the observed activity includes spoofing legitimate applications, luring users into installing malicious MSIX packages posing as legitimate applications, and evading detections on the initial installation files.

ALSO READ: Here is how you can buy an iPhone 15 below Rs 70,000 | Limited period offer you must not miss

 

Advertisement

Read all the Breaking News Live on indiatvnews.com and Get Latest English News & Updates from Technology

Advertisement
Advertisement
Advertisement
Advertisement