Although security professionals frequently emphasize the necessity of keeping software up to date, fraudsters have begun sending fraudulent browser upgrades to Microsoft Edge users. For years, fraudsters have relied on fake software updates to trick people into downloading malware. This is because they may simply fool naïve people with a convincingly tailored message that contains the perfect balance of implied intimidation and seriousness.
While Flash updates were once a common feature of web-based malware operations, Adobe discontinued the popular software about a year ago, prompting cybercriminals to shift their focus to browsers. One factor for this is that browsers like Google Chrome and Microsoft Edge are updated so regularly that many people wait until they are available to install them.
Malwarebytes’ threat intelligence team joined hands with nao sec researchers to analyze a newly found upgrade to the Magnitude exploit kit that was deceiving users into installing a fraudulent Microsoft Edge browser update, according to a recent post.
The Magnitude exploitation kit targets people and installs ransomware on their computers using a variety of social engineering tricks and attacks. Even though it has previously been used to infect victims all over the globe with several ransomware strains, it is now predominantly used to infect people in South Korea with the Magniber ransomware.
A user visits an ad-heavy page where they face a malicious ad that takes them to a “gate” known as Magnigate, which Malwarebytes is investigating. The IP address and browser of the users are checked to see if they should be attacked. The user is subsequently sent to the Magnitude exploit kit landing page if they meet the parameters. They are then directed to download a Microsoft Edge update, which is actually a malicious Windows Application package (.appx) file. The Magniber ransomware is then downloaded, which encrypts their files and demands a payment.
To avoid being a victim of this and other ransomware attacks, users should invest in ransomware protection and be aware that Microsoft Edge updates itself when you restart the browser.