Microsoft details how financially motivated hackers targeted Windows users


Microsoft has said that it has disabled the Windows App Installer protocol handler (the ms-appinstaller URI scheme) after multiple financially motivated hacking groups abused it to infect Windows machines with malware. The company has explained how cybercriminals have been distributing malicious software through it since mid-November 2023.

Microsoft also said the abuse serves as an access vector for malware that can lead to ransomware deployment, with malicious packages delivered from websites that users reach through malicious advertisements for legitimate, popular software.

“Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilising the ms-appinstaller URI scheme (App Installer) to distribute malware,” the company said.
How attackers targeted the flaw

Microsoft says that the attackers exploited the flaw to circumvent security measures that would otherwise protect Windows users from malware. These include the Microsoft Defender SmartScreen anti-phishing and anti-malware components as well as the built-in browser alerts that caution users against executable file downloads.
At the beginning of December 2023, Microsoft observed a hacking group distributing fake installers for software such as Zoom, Tableau, TeamViewer and AnyDesk through search engine optimisation (SEO) poisoning, a technique in which attacker-controlled pages are pushed up the search rankings so that they appear when users search for legitimate software downloads.

These pages were presented to users who searched for a legitimate software application on Bing or Google. Spoofing or impersonating well-known software is a popular social engineering tactic for targeting users.
Users who clicked the links for these impersonated apps were taken straight to the desktop App Installer prompt rather than to a normal browser download, which is why the browser's download warnings never appeared. If the user clicked "Install" in App Installer, the malicious package was installed and went on to run additional processes and scripts that led to the installation of malware.
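The chain described above leaves a distinctive artefact: a link of the form `ms-appinstaller:?source=<package URL>`, which shows up in browser navigation events, in the command line of AppInstaller.exe and in the HTML of the spoofed download page. The following script is an added example (not code from the article or from Microsoft) of how a defender could hunt for such links in endpoint telemetry, recover the package URL even when it is percent-encoded, and flag packages that use a brand name such as Zoom or AnyDesk but are served from somewhere other than the vendor's own domain. The brand-to-domain table, the sample log lines and every hostname in them are assumptions constructed for the example, not observed indicators.

```python
"""Hunt for ms-appinstaller link abuse in endpoint telemetry (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# Brands the spoofed installers impersonated, mapped to the domains that
# legitimately distribute them. Assumed for this example; adjust to your own allowlist.
BRAND_HOSTS = {
    "zoom": ("zoom.us",),
    "anydesk": ("anydesk.com",),
    "teamviewer": ("teamviewer.com",),
    "tableau": ("tableau.com",),
}

# File types App Installer fetches from a ms-appinstaller:?source= link.
PACKAGE_EXTS = (".msix", ".msixbundle", ".appx", ".appxbundle", ".appinstaller")

# Matches the URI wherever it appears in a log line (browser URL, process
# command line, HTML href). The scheme is matched case-insensitively.
URI_RE = re.compile(r"ms-appinstaller:\?[^\s\"'<>]+", re.IGNORECASE)


def extract_source(text):
    """Return the package URL carried by the first ms-appinstaller URI in text, else None."""
    match = URI_RE.search(text)
    if not match:
        return None
    query = match.group(0).split("?", 1)[1]
    # parse_qs percent-decodes values, so an encoded https%3A%2F%2F... source is recovered.
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    values = params.get("source")
    if not values or not values[0].strip():
        return None
    return values[0].strip()


def _host_allowed(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    return any(host == a or host.endswith("." + a) for a in allowed)


def classify(source_url):
    """Return (verdict, reason) for a package URL pulled from a ms-appinstaller link."""
    parts = urlsplit(source_url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if parts.scheme.lower() not in ("http", "https"):
        return "suspicious", f"package source uses scheme {parts.scheme!r}, not http(s)"
    for brand, hosts in BRAND_HOSTS.items():
        if brand in host or brand in path:
            if not _host_allowed(host, hosts):
                return "lookalike", f"{brand} package served from {host} rather than {', '.join(hosts)}"
            return "allowed", f"{brand} package from its vendor domain {host}"
    if not path.endswith(PACKAGE_EXTS):
        return "suspicious", f"source {path!r} is not a package or .appinstaller manifest"
    return "review", f"package from unlisted host {host}"


def hunt(lines):
    """Scan telemetry lines and return one finding per ms-appinstaller link found."""
    findings = []
    for line in lines:
        source = extract_source(line)
        if source is None:
            continue  # no App Installer link on this line
        verdict, reason = classify(source)
        findings.append({"line": line, "source": source, "verdict": verdict, "reason": reason})
    return findings


# Constructed sample telemetry. Hostnames are illustrative (.example), not real indicators.
SAMPLE_EVENTS = [
    'proc=AppInstaller.exe cmd="ms-appinstaller:?source=https://zoom-client-download.example/Zoom_x64.msix"',
    'proc=msedge.exe url="ms-appinstaller:?source=https%3A%2F%2Fanydesk-setup.example%2FAnyDesk.msix"',
    'proc=AppInstaller.exe cmd="ms-appinstaller:?source=https://apps.contoso.example/Expenses.msixbundle"',
    'proc=AppInstaller.exe cmd="MS-AppInstaller:?Source=https://cdn.contoso.example/Expenses.appinstaller"',
    'proc=msedge.exe url="https://www.zoom.us/download"',
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"{finding['verdict']:10} {finding['source']}  ({finding['reason']})")
```

Running the script on the constructed events reports the two brand lookalikes, marks the two in-house packages for review, and ignores the ordinary browser visit. The brand check deliberately inspects both the hostname and the path, because the spoofed pages in this campaign put the product name wherever it would look convincing; a package whose URL carries its own query string should arrive percent-encoded, as App Installer itself expects, otherwise the `&` would be split by `parse_qs`.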
How to protect yourself
Microsoft has disabled the ms-appinstaller protocol handler by default, but the change only takes effect once App Installer has been updated to version 1.21.3421.0 or later, and administrators can enforce it with the "Enable App Installer ms-appinstaller protocol" Group Policy. Users must still pay attention to which site is offering the software for download: check the URL carefully, look for spelling mistakes in the software name or domain, and always download software from the official website.

Article From: timesofindia.indiatimes.com