Magniber ransomware targets Windows users via fake security updates

Magniber ransomware is targeting Windows home users via fake security updates promoted on malicious websites. The security update contains a malicious file that contains JavaScript, which can trigger a complicated infection with the file-encrypting malware.

Researchers found that ransomware operators in January used Chrome and Edge browser updates to push malicious Windows application package files (.APPX).

According to HP’s Threat Intelligence team, the ransomware strain focuses explicitly on Windows 10 and 11 builds. Researchers also stated that the ransomware operators charge up to $2,500 to release decryptors to home user.

On its infection chain, the ransomware switched from the use of MSI and EXE files to JavaScript files. These files are obfuscated and use a variation of the “DotNetToJScript” technique to execute a .NET file in the system memory. Doing this reduces the risk of detection by antivirus products.

The attackers use the .NET file to decrypt shellcode, which uses its own wrapper to make stealthy syscalls, and inject it into a new process before terminating its own.

To increase the chances of getting paid after the shellcode deletes shadow copy files via WMI and disables backup and recovery features through “bcdedit” and “wbadmin.”

Home users can protect themselves by making regular backups of their files and keeping an offline storage device.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web