Wednesday, May 21, 2025
HomeRansomwareBeware!! Magniber Ransomware Delivered via Microsoft Edge and Google Chrome as an...

Beware!! Magniber Ransomware Delivered via Microsoft Edge and Google Chrome as an Update

Published on

SIEM as a Service

Follow Us on Google News

In an ongoing campaign, the threat actors are distributing Magniber ransomware as an update through modern web browsers.

Cybersecurity researchers at ASEC have closely monitored Magniber and reported that to deploy this ransomware the operators behind it are actively exploiting the Internet Explorer (IE) vulnerabilities for the last couple of years.  

But, now apart from Internet Explorer (IE), currently, the hackers are also exploiting the modern web browsers:- 

- Advertisement - Google News
  • Microsoft Edge
  • Google Chrome

Technical Analysis

In the image below the distribution pages are shown that are opened in Microsoft Edge and Google Chrome, prompting users to install the fake update package with “.appx” extension. 

This fake Chrome or Edge’s Windows update package with .appx extension contains an authentic certificate which makes it look legit and allows the installation of the fake package.

Later, in the child paths of C:\Program Files\WindowsApps when the fake downloaded APPX package was executed, it automatically puts the maliciously crafted EXE and DLL files with the following name:-

  • For EXE file: wjoiyyxzllm.exe
  • For DLL file: wjoiyyxzllm.dll

Now here at this stage, the wjoiyyxzllm.exe file loads the wjoiyyxzllm.dll to execute a distinct function that is dubbed as “mbenooj.” After completing these stages now the Magniber ransomware gets deployed from the memory of wjoiyyxzllm.exe.

Once deployed, the ransomware starts encrypting all the files present on the user’s system and leaves a ransom note after completing the encryption procedure.

Now if you are thinking that why “APPX” files were chosen by the threat actors? They chose the APPX files due to their wide usage. However, in the below video you can see the whole thing in action.

Moreover, if anyone wants to decrypt the files encrypted by Magniber ransomware for free of cost then it’s not possible to do so. Before encrypting the system the Magniber ransomware do not steal any files, since it did not embrace the double extortion tactic in its operation. 

So, for now, the best solution to mitigate such attacks is to back up the data on a regular basis.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections

PowerDNS has released a critical security update to address a vulnerability in its DNSdist...

VanHelsing Ransomware Builder Exposed on Hacker Forums

The cybersecurity landscape reveal that the VanHelsing ransomware operation has experienced a significant security...

IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials

IBM X-Force's 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based...

19-Year-Old Hacker Admits Guilt in Major Cyberattack on PowerSchool

Massachusetts college student stands accused of orchestrating a sweeping cyberattack on PowerSchool, a widely...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

VanHelsing Ransomware Builder Exposed on Hacker Forums

The cybersecurity landscape reveal that the VanHelsing ransomware operation has experienced a significant security...

LockBit Internal Data Leak Reveals Payload Creation Methods and Ransom Demands

The notorious ransomware group LockBit inadvertently suffered a major data breach, exposing the inner...

Kettering Health Experiences System-Wide Outage Due to Ransomware Attack

Kettering Health, a major healthcare provider, has been hit by what appears to be...