Recently Google announce that Threat Analysis Group they have found a flaw in the SmartScreen security feature in Microsoft’s Microsoft Edge Chromium which is where the flaw allows hackers to distribute the dangerous Magniber ransomware.

According to Google, they have notified Microsoft about this problem since February 15, 2023 and the good news is that Microsoft has fixed this problem through the Cumulative Update in February 2023, a few days after getting the report.

"The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return an error that results in bypassing the security warning dialog displayed to users when an untrusted file contains a Mark-of-the-Web (MotW), which indicates a potentially malicious file has been downloaded from the internet." ungkap Google. 

This vulnerability is of course very dangerous because the Magniber Ransomware can threaten user data.

In the same blog post, Google also stated that their Threat Analysis Group had found more than 100,000 downloads of this MSI file since January 2023, where most of the cases occurred and were found in Europe.

And of course as a place of comparison, Google says that the Safe Browsing security feature of Google Chrome detects more than 90% of these malicious files.

"TAG has observed over 100,000 downloads of the malicious MSI files since January 2023, with over 80% to users in Europe — a notable divergence from Magniber’s typical targeting, which usually focuses on South Korea and Taiwan. Google Safe Browsing displayed user warnings for over 90% of these downloads." ungkap Google. 

Given that this issue has been fixed, Microsoft Edge Chromium users now no longer need to worry about this flaw, but in any case users should be careful about downloading an execution file which may contain malicious files in it.

via: Google


Source link


Please enter your comment!
Please enter your name here