Thursday, April 18, 2024

Beware!! Magniber Ransomware Delivered via Microsoft Edge and Google Chrome as an Update

In an ongoing campaign, the threat actors are distributing Magniber ransomware as an update through modern web browsers.

Cybersecurity researchers at ASEC have closely monitored Magniber and reported that to deploy this ransomware the operators behind it are actively exploiting the Internet Explorer (IE) vulnerabilities for the last couple of years.  

But, now apart from Internet Explorer (IE), currently, the hackers are also exploiting the modern web browsers:- 

  • Microsoft Edge
  • Google Chrome

Technical Analysis

In the image below the distribution pages are shown that are opened in Microsoft Edge and Google Chrome, prompting users to install the fake update package with “.appx” extension. 

This fake Chrome or Edge’s Windows update package with .appx extension contains an authentic certificate which makes it look legit and allows the installation of the fake package.

Later, in the child paths of C:\Program Files\WindowsApps when the fake downloaded APPX package was executed, it automatically puts the maliciously crafted EXE and DLL files with the following name:-

  • For EXE file: wjoiyyxzllm.exe
  • For DLL file: wjoiyyxzllm.dll

Now here at this stage, the wjoiyyxzllm.exe file loads the wjoiyyxzllm.dll to execute a distinct function that is dubbed as “mbenooj.” After completing these stages now the Magniber ransomware gets deployed from the memory of wjoiyyxzllm.exe.

Once deployed, the ransomware starts encrypting all the files present on the user’s system and leaves a ransom note after completing the encryption procedure.

Now if you are thinking that why “APPX” files were chosen by the threat actors? They chose the APPX files due to their wide usage. However, in the below video you can see the whole thing in action.

Moreover, if anyone wants to decrypt the files encrypted by Magniber ransomware for free of cost then it’s not possible to do so. Before encrypting the system the Magniber ransomware do not steal any files, since it did not embrace the double extortion tactic in its operation. 

So, for now, the best solution to mitigate such attacks is to back up the data on a regular basis.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates


Latest articles

Palo Alto ZeroDay Exploited in The Wild Following PoC Release

Palo Alto Networks has disclosed a critical vulnerability within its PAN-OS operating system, identified...

FIN7 Hackers Attacking IT Employees Of Automotive Industry

IT employees in the automotive industry are often targeted by hackers because they have...

Russian APT44 – The Most Notorious Cyber Sabotage Group Globally

As Russia's invasion of Ukraine enters its third year, the formidable Sandworm (aka FROZENBARENTS,...

SoumniBot Exploiting Android Manifest Flaws to Evade Detection

A new banker, SoumniBot, has recently been identified. It targets Korean users and is...

LeSlipFrancais Data Breach: Customers’ Personal Information Exposed

LeSlipFrancais, the renowned French underwear brand, has confirmed a data breach impacting its customer...

Cisco Hypershield: AI-Powered Hyper-Distributed Security for Data Center

Cisco has unveiled its latest innovation, Cisco Hypershield, marking a milestone in cybersecurity.This groundbreaking...

Phishing-as-a-Service Platform LabHost Seized by Authorities

Authorities have dismantled LabHost, a notorious cybercrime platform that facilitated widespread phishing attacks across...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles