Microsoft takes action against malware distribution through 'App Installer'
Microsoft has disabled its ms-appinstaller URI scheme after observing threat actors using it to distribute malware. According to a blog post from Microsoft Threat Intelligence, the tech giant has been observing this activity since mid-November 2023. "Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilising the ms-appinstaller URI scheme to distribute malware." It further added, "In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks."

The company stated, "These threat actors distribute signed malicious MSIX application packages using websites accessed through malicious

According to Microsoft, hackers have likely chosen the ms-appinstaller protocol handler vector because "it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats". In mid-November of this year, Microsoft Threat Intelligence discovered many cyber gangs employing App Installer as a conduit for ransomware operations.
