Microsoft takes action against malware distribution through 'App Installer'
India TV News

Microsoft has disabled its ms-appinstaller URI scheme after observing that threat actors are using it to distribute malware. According to a blog post from Microsoft Threat Intelligence, the tech giant has been observing these threat actors since mid-November 2023. "Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilising the ms-appinstaller URI scheme to distribute malware."

It further added, "In addition to ensuring that customers are protected from observed attacker activity, Microsoft investigated the use of App Installer in these attacks." The company stated, "These threat actors distribute signed malicious MSIX application packages using websites accessed through malicious

According to Microsoft, hackers have likely chosen the ms-appinstaller protocol handler vector because "it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats".

In mid-November of this year, Microsoft Threat Intelligence discovered many cyber gangs employing App Installer as a conduit for ransomware operations.