Magniber ransomware being spread in the guise of a legit Microsoft Edge and Google Chrome update

Magniber ransomware pretends to be a legit Edge or Chrome update package. (Image Source: Unsplash)

Analysts have now discovered that attackers behind the Magniber ransomware, who have been exploiting IE-based vulnerabilities so far, are now targeting PCs via modern browsers such as Edge and Chrome. The Magniber ransomware is disguised as a legit update package for Edge or Chrome and comes as a signed .appx file. Installing this "update" will encrypt all user data and demand money for decryption.

Vaidyanathan Subramaniam, Published 01/16/2022 🇫🇷 🇪🇸 ...

Magniber is a ransomware that is being distributed using vulnerabilities known in Internet Explorer for quite some time now. However, analysts at the South Korea-based AhnLab Security Emergency Response Center (ASEC) have now discovered that Magniber is also being distributed via Microsoft Edge and Google Chrome disguised as a legitimate update package.

The Magniber ransomware infects vulnerable PCs running Edge and Chrome in the form of a browser update package. The malware is distributed as a signed .appx update package with a valid certificate. This means that Windows assumes this is a valid app and proceeds with installation. Once installed, the malicious .appx package creates two files — wjoiyyxzllm.dll and wjoiyyxzllm.exe — in a non-descript path within C:\Progam Files\WindowsApps. As most users will know, this is actually a protected folder meant only to contain properly signed Microsoft Store apps.

wjoiyyxzllm.exe loads wjoiyyxzllm.dll and executes a strange function called "mbenooj". The DLL file downloads the ransomware payload and decodes it. After this, the Magniber ransomware gets executed from memory of wjoiyyxzllm.exe and encrypts the user's files. A ransom note is then shown demanding money transfer in order to decrypt the data.

Though Magniber is not known to steal any files, it is currently not possible to decrypt and restore functionality without paying the ransom (this is assuming that the decryption key is even provided upon payment in the first place).

Therefore, it goes without saying that users should be careful while downloading files from various sources. Even signed .appx files can be potentially dangerous when obtained from unverified sources. Ensure that your critical data is always backed up and your security software's definitions are up to date.

You can also use Windows Defender's Controlled Folder Access function to prevent unauthorized access to critical files. For more information, check out our tutorial on how to enable Controlled Folder Access in Windows 10.

Magniber ransomware is disguised as a legit .appx update package for Edge and Chrome. (Image Source: ASEC)

Source(s)

ASEC

Ransomware attack affects production at a Foxconn factory in Mexico 06/03/2022

Google intends to purchase Mandiant to bolster Google Cloud's cybersecurity capabilities. (Image: Unsplash)

Google to acquire cybersecurity firm, Mandiant, for US$5.4 billion 03/09/2022

Fake Windows 11 upgrade website spreads malware that steals sensitive information. (Image: Unsplash)

Bad actors hide malware in fake Windows 11 upgrade site 02/17/2022

The FBI alerts customers to malicious QR codes that can direct them to phishing websites. (Image: Markus Winkler via Unsplash)

FBI warns that hackers are corrupting QR codes to conduct phishing attacks 01/21/2022

Safari on macOS and iOS 15 suffers from a serious privacy violation bug. (Image Source: Apple)

Unpatched Safari 15 bug on macOS, iOS 15, and iPadOS 15 found to expose browsing history and Google account info 01/17/2022

Ransomware group REvil taken down by the FBI

Ransomware group involved in the Colonial Pipeline attack hacked by the FBI 10/26/2021

AvosLocker reportedly stole sensitive customer information from Gigabyte (Image source: Panda Security)

Gigabyte hit by ransomware attack: NDA’d information and customer details leak out with hackers threatening worse 10/24/2021

Ransomware attacks may have cost businesses over US$5 billion in losses this year (Image source: Kaspersky)

US FinCEN watchdog reports that companies may have forked out nearly US$600 million in ransomware payments through 2021 10/16/2021

Over 10TB of user data was compromised in the data breach (Image source: Panda Security)

Canon is hit by massive ransomware attack: 10TB of user data at risk, with doubts as to whether or not images were compromised 08/06/2020

Security researchers load ransomware onto DSLR over WiFi and encrypt photos in WannaCry-styled attack 08/12/2019

How to protect critical data from ransomware in Windows 10 02/12/2018

Petya's decryption key is now available but tough luck for those affected by NotPetya. (Source: MalwareBytes Blog)

Master decryption key for Petya ransomware found to be ineffective against NotPetya 07/12/2017

Petya’s kill-chain diagram with platform defenses able to mitigate or prevent certain techniques in Windows 10. (Source: Microsoft)

Microsoft ensures Windows 10 is the only way to stay protected against ransomware attacks like Petya 07/04/2017

Negotiations with Microsoft by the Indian Government may offer users a low cost upgrade option to Windows 10. (Source: Microsoft)

Microsoft pressured to offer Windows 10 upgrades at 75 percent off due to ransomware attacks 07/02/2017

Loading Comments

Comment on this article

iOS 15 is beaten by its predecessor...

Apple iPhone 14 Pro and iPhone 14 P...

Vaidyanathan Subramaniam - Managing Editor - 1819 articles published on Notebookcheck since 2012

Though a cell and molecular biologist by training, I have been drawn towards computers from a very young age ever since I got my first PC in 1998. My passion for technology grew quite exponentially with the times, and it has been an incredible experience from being a much solicited source for tech advice and troubleshooting among family and friends to joining Notebookcheck in 2017 as a professional tech journalist. Now, I am a Lead Editor at Notebookcheck covering news and reviews encompassing a wide gamut of the technology landscape for Indian and global audiences. When I am not hunting for the next big story or taking complex measurements for reviews, you can find me unwinding to a nice read, listening to some soulful music, or trying out a new game.

contact me via: @Geeky_Vaidy

Please share our article, every link counts!

> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2022 01 > Magniber ransomware being spread in the guise of a legit Microsoft Edge and Google Chrome update

Vaidyanathan Subramaniam, 2022-01-16 (Update: 2022-01-16)

Magniber ransomware being spread in the guise of a legit Microsoft Edge and Google Chrome update

Source(s)

Related Articles