Financially motivated hackers are using a previously undocumented bug in Microsoft’s SmartScreen security feature to spread the Magniber ransomware, according to a new report.

The cybercriminals have been able to exploit the zero-day vulnerability in SmartScreen since December, researchers from Google’s Threat Analysis Group (TAG) said. The Google team reported its findings about the bug and the ransomware group’s exploitation of it to Microsoft on February 15. Microsoft released a patch for the bug — CVE-2023-24880 — on Tuesday.

SmartScreen is intended to catch phishing attempts and malware as part of Windows versions 10 and 11, as well as the company’s Edge web browser. A Microsoft spokesperson said customers who have applied the most recent patch are protected.

TAG analysts said they have seen over 100,000 downloads of malicious MSI files used in the ransomware campaign since January 2023, with 80% of those downloads by users in Europe. MSI files are similar to the familiar .EXE files, in that both types are used to install and launch Windows programs.

The researchers noted that typically the Magniber ransomware has been aimed at organizations in South Korea and Taiwan. Cybersecurity companies began tracking it about six years ago.

TAG’s discovery marks the second time in about six months that the operators of Magniber have used zero-days to dodge SmartScreen and trick computer users into downloading the disguised ransomware from infected websites.
https://therecord.media/ransomware-zero-day-microsoft-google