A new attack targets Edge and Chrome users: malware masquerades as a web browser update. Once it is installed, however, ransomware awaits the victims…
Magnitude is an exploit kit well known among security researchers. It previously exploited flaws in Flash and Internet Explorer to accomplish its misdeeds. Today, a new version lets attackers hold their victims' data hostage; the victims can recover it only after paying a ransom.
A format recognized by Windows
Magnitude displays a notification in the Edge or Chrome browser: the alert asks the user to install a manual update. Users who are unsuspecting, or who are unfamiliar with how these browsers are normally updated (automatically, without user intervention), are taken in and click the button on the web page.
Then it's too late: the victim downloads a malicious file called edge_update.appx or chrome_update.appx, depending on the browser. The .appx format has existed since Windows 8 and is still used in the latest versions of the operating system. Windows therefore believes that it is a legitimate file and continues the installation without suspecting anything.
But instead of an update, it is the Magniber ransomware that comes into play: it encrypts the data on the PC's hard disk and keeps the decryption key until the user agrees to pay the requested amount… The attacks have been concentrated in South Korea for the moment.
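Since these browsers update themselves without any download by the user, a web request for an app package named like a browser update is worth an alert. The Python example below is added here and is not part of the original article; it flags such requests in web-proxy logs. The log layout, the extra package extensions beyond .appx, and all hosts and addresses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# .appx is the extension named in the article; the others are an assumption,
# added to cover the same Windows app-package installer family.
PACKAGE_EXTS = (".appx", ".appxbundle", ".msix", ".msixbundle")
# Browser name and update wording in either order (edge_update, update-chrome, ...).
LURE = re.compile(r"(edge|chrome).*(update|upgrade)|(update|upgrade).*(edge|chrome)")

def package_name(url):
    """Return the lower-cased, percent-decoded file name from a URL path."""
    path = unquote(urlsplit(url).path)  # query string and fragment are dropped
    return path.rsplit("/", 1)[-1].lower()

def classify(url):
    """'lure' = browser-update-named package, 'package' = other app package, else None."""
    name = package_name(url)
    if not name.endswith(PACKAGE_EXTS):
        return None
    return "lure" if LURE.search(name) else "package"

def scan(log_lines):
    """Yield (client, url, verdict) for lines shaped '<ts> <client> <method> <url> <status>'."""
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5 or fields[2] != "GET":
            continue  # skip malformed lines and non-download methods
        verdict = classify(fields[3])
        if verdict:
            yield fields[1], fields[3], verdict

# Constructed sample proxy log; hosts use the reserved .example TLD.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z 10.0.0.5 GET http://ads.example/landing/edge_update.appx 200",
    "2024-01-01T10:00:07Z 10.0.0.8 GET http://cdn.example/dl/Chrome%5FUpdate.APPX?id=7 200",
    "2024-01-01T10:01:00Z 10.0.0.9 GET http://intranet.example/apps/timesheet.msix 200",
    "2024-01-01T10:02:00Z 10.0.0.9 GET http://news.example/chrome-update-tips.html 200",
]

if __name__ == "__main__":
    for client, url, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:8} {client:10} {url}")
```

Entries marked `lure` match the file names described above, including percent-encoded or differently cased variants; entries marked `package` are other app-package downloads that may merit review against an allowlist.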