Microsoft has once more deactivated its MSIX ms-appinstaller protocol after it was abused by threat groups to distribute malware into Windows systems. This follows exploitation of the CVE-2021-43890 Windows AppX Installer vulnerability, enabling evasion of protective measures like Defender SmartScreen. Threat actors employed malicious ads and phishing messages to push malware, with potential links to ransomware operations. Microsoft has advised installing a patched App Installer version to block exploitation attempts.
Group-IB’s Threat Intelligence and Defence Centre Equip Undergraduates with Sophisticated Cybersecurity Technologies to Boost Threat Analysis and Enhance Cyber Resilience for Campus Start-ups
Hey there from the heart of the San Francisco Bay Area! It’s an absolute pleasure to have you back again for our chat on some
