App Review Microsoft Defender vs Magniber

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by
cruelsister
eonline

eonline

Level 21
Verified
Well-known
Nov 15, 2017
1,083
Wonderful music, the video shows that WD is not efficient with this Malware variant which leaves me concerned because it is my current setup. It even bypassed the WD protected folders. Thank you very much for sharing.
 
  • Like
  • Thanks
Reactions: franz, dinosaur07, Idanox and 9 others
Shadowra

Shadowra

Level 36
Verified
Top Poster
Content Creator
Malware Tester
Well-known
Sep 2, 2021
2,586
Good job Meghan ! ;) (followed + liked)

I suspected that Magniber would also pass the Microsoft Defender anti-ransomware shield, even in hardened...
This Ransomware is quite violent, I've already managed to bypass the anti-ransomware protection of Bitdefender and F-Secure....

Hopefully the editors will wake up soon! (Kaspersky & ESET have done some detections in Hexa)
 
  • Like
  • Wow
Reactions: windows1064, DJ Panda, brambedkar59 and 20 others
wat0114

wat0114

Level 13
Verified
Top Poster
Well-known
Apr 5, 2021
620
Excellent video, thanks. It would be interesting to know what process(es) in the infection chain ultimately did the encryption damage, especially when there were two visible alerts generated by Defender. Did Defender actually block those two attempts or did one or both of them blow right through it, or was it something else that Defender failed to block?
 
Last edited:
  • Like
Reactions: ForgottenSeer 94943, Vasudev, vtqhtr413 and 8 others
Trooper

Trooper

Level 17
Verified
Top Poster
Well-known
Aug 28, 2015
801
Shadowra said:
Good job Meghan ! ;) (followed + liked)

I suspected that Magniber would also pass the Microsoft Defender anti-ransomware shield, even in hardened...
This Ransomware is quite violent, I've already managed to bypass the anti-ransomware protection of Bitdefender and F-Secure....

Hopefully the editors will wake up soon! (Kaspersky & ESET have done some detections in Hexa)
Click to expand...

Are Kaspersky and ESET the only two av companies that provide detection for this threat?
 
  • Like
Reactions: Sunshine-boy, Vasudev, franz and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Hit and sunk filelessly. :)(y)

The Enterprises can be impacted via exploit kits (like Magnitude) used to compromise the network and deliver the Magniber.

The home users can be impacted when using pirated software or instructed on shady forums to install the update from an unsafe source.

The transmission method is still various forums, cracked software websites, fake pornographic websites, etc. When users visit these websites, they are induced to download from third-party network disks.
Click to expand...

Win11 users beware! Magniber ransomware has been upgraded again, aiming at win11 | 360 Total Security Blog

At the end of April this year, the Magniber ransomware disguised as a Windows 10 upgrade patch package and spread widely, and 360 Security Center...
blog.360totalsecurity.com blog.360totalsecurity.com
 
  • Like
  • +Reputation
  • Sad
Reactions: kylprq, Vasudev, vtqhtr413 and 10 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
wat0114 said:
Excellent video, thanks. It would be interesting to know what process(es) in the infection chain ultimately did the encryption damage, especially when there were two visible alerts generated by Defender. Did Defender actually block those two attempts or did one or both of them blow right through it, or was it something else that Defender failed to block?
Click to expand...
These two blocks were related to disk sectors, they did not block the modifications into the folders.
I think that the files can be restored via OneDrive synchronization (suggested by Microsoft).
There are two interesting questions:
  1. Did the malware get high privileges?
  2. Did the malware delete volume shadow copies?
 
  • Like
  • Thanks
Reactions: Vasudev, vtqhtr413, franz and 8 others
Andy Ful

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,510
Although any video with working ransomware can be kinda shocking, the truth is that there is no need to worry. The method used by Magniber (MSI file) is very rarely used against home users.

Furthermore, for any AV one can find working malware. There is no perfect & usable protection against malware. Even such a strong protection like CF with @cruelsister settings cannot save many users. Of course, the installer/fix will be blocked, but this is expected for pirated software, game mods, or cracks. The blocked malware cannot expose the malicious actions, so the user will simply turn off the protection and still can be infected.

Microsoft can efficiently (but not perfectly) fight such malware in several ways:
  1. Making the samples very short-living (Block At First Sight + post-execution detections). Even if the sample could infect a few users, then after several minutes other users can be often protected against this sample.
  2. Adding the methods used by ransomware to ASR rules.
  3. Blocking delivery paths, when the malicious actors would like to use the malware in widespread attacks (weaponized documents, scripts, etc.).
  4. Adding the malicious URLs to SmartScreen (used also system-wide by Defender's Network Protection).
So, we will see the normal cat & mouse game. When Microsoft (or any other AV) is going to improve the protection, the Magniber fellows will make necessary modifications, and so on.
 
Last edited:
  • Like
  • +Reputation
Reactions: ForgottenSeer 94943, vtqhtr413, franz and 10 others
Anthony Qian

Anthony Qian

Level 10
Verified
Well-known
Apr 17, 2021
453
Shadowra said:
Good job Meghan ! ;) (followed + liked)

I suspected that Magniber would also pass the Microsoft Defender anti-ransomware shield, even in hardened...
This Ransomware is quite violent, I've already managed to bypass the anti-ransomware protection of Bitdefender and F-Secure....

Hopefully the editors will wake up soon! (Kaspersky & ESET have done some detections in Hexa)
Click to expand...
A tester has already tested Magniber vs Microsoft Defender configured to Max Protection, and files were still encrypted.
 
  • Like
  • Wow
Reactions: Sunshine-boy, franz, Dave Russo and 5 others

Similar threads

Gandalf_The_Grey
    • +Reputation
    • Like
Malware News Surge in Magniber ransomware attacks impact home users worldwide
Replies
2
Views
2,493
Security News
Jonny Quest
Jonny Quest
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus + Windows 11 Smart App Control (SAC)
Replies
44
Views
3,302
Video Reviews - Security and Privacy
tofargone
tofargone
Shadowra
    • Like
    • +Reputation
    • Thanks
App Review Microsoft Defender Antivirus (Default Settings + DefenderUI Recommanded Settings)
Replies
34
Views
3,236
Video Reviews - Security and Privacy
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top