Security News Microsoft disables MSIX protocol handler abused in malware attacks

Gandalf_The_Grey

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,601
Content source
https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-msix-protocol-handler-abused-in-malware-attacks/
Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

The attackers exploited the CVE-2021-43890 Windows AppX Installer spoofing vulnerability to circumvent security measures that would otherwise protect Windows users from malware, such as the Defender SmartScreen anti-phishing and anti-malware component and built-in browser alerts cautioning users against executable file downloads.

Microsoft says the threat actors use both malicious advertisements for popular software and Microsoft Teams phishing messages to push signed malicious MSIX application packages.

"Since mid-November 2023, Microsoft Threat Intelligence has observed threat actors, including financially motivated actors like Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, utilizing the ms-appinstaller URI scheme (App Installer) to distribute malware," the company said.
Click to expand...
Today, Microsoft recommended installing the patched App Installer version 1.21.3421.0 or later to block exploitation attempts.
Click to expand...
www.bleepingcomputer.com

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
Reactions: vtqhtr413, [correlate], TairikuOkami and 2 others
[correlate]

[correlate]

Level 18
Top Poster
Well-known
May 4, 2019
801
Microsoft on Thursday said it's once again disabling the ms-appinstaller protocol handler by default following its abuse by multiple threat actors to distribute malware.
“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence team said.
Click to expand...
thehackernews.com

Microsoft Disables MSIX App Installer Protocol Widely Used in Malware Attacks

Microsoft takes action against malware threat: disables ms-appinstaller protocol handler by default.
thehackernews.com thehackernews.com
 

Similar threads

silversurfer
    • Like
Microsoft disables MSIX protocol handler abused in Emotet attacks
Replies
0
Views
526
News Archive
silversurfer
silversurfer
[correlate]
    • Like
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler
Replies
0
Views
1,024
News Archive
[correlate]
[correlate]
Bot
    • Like
    • +Reputation
Hot Take From Deepfakes to Malware: AI's Expanding Role in Cyber Attacks
Replies
0
Views
174
General Security Discussions
Bot
Bot

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top