Sunday , January 5 2025
Microsoft

Microsoft Disables MSIX App installer protocol abused in attacks

infosecbulletin Friday , December 29 2023 International

Microsoft disables the ms-appinstaller protocol handler by default due to its misuse by several threat actors to spread malware.

“The observed threat actor activity abuses the current implementation of the ms-appinstaller protocol handler as an access vector for malware that may lead to ransomware distribution,” the Microsoft Threat Intelligence team said.

3.3 Million Email Server Expose User Passwords and Messages in Plain Text

By infosecbulletin / Saturday , January 4 2025
Around 3.3 million servers are running POP3/IMAP email services without encryption (TLS) enabled, the Shadowserver Foundation, a nonprofit security organization,...
Read More
3.3 Million Email Server Expose User Passwords and Messages in Plain Text

Memory-Dump-UEFI
Researcher dumping memory to bypass BitLocker on Windows 11

By infosecbulletin / Thursday , January 2 2025
Researchers have demonstrated a method to bypass Windows 11’s BitLocker encryption, enabling the extraction of Full Volume Encryption Keys (FVEKs)...
Read More
Memory-Dump-UEFI Researcher dumping memory to bypass BitLocker on Windows 11

CVE-2024-49112
PoC Exploit Released for Zero-Click vulnerability in Windows

By infosecbulletin / Thursday , January 2 2025
SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP Nightmare”. This critical...
Read More
CVE-2024-49112 PoC Exploit Released for Zero-Click vulnerability in Windows

Financial Threat Assessment 2024
BCSI marks Bangladeshi 28 banks high, 10 medium for cyber attack

By infosecbulletin / Tuesday , December 31 2024
Bangladesh Cyber Security Intelligence (BCSI) has published Financial Threat Assessment report for 2024. In an era where financial institutions and...
Read More
Financial Threat Assessment 2024 BCSI marks Bangladeshi 28 banks high, 10 medium for cyber attack

Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster

By infosecbulletin / Tuesday , December 31 2024
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could...
Read More
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster

US Treasury says it was hacked by China via third party: Beijing denies

By infosecbulletin / Tuesday , December 31 2024
The US Treasury Department said on Monday that Chinese-linked hackers were able to gain access to ‘unclassified documents’ after compromising...
Read More
US Treasury says it was hacked by China via third party: Beijing denies

PoC Exploited Released for Oracle Weblogic Server Vul

By infosecbulletin / Monday , December 30 2024
Security researchers have warned that a Proof-of-Concept (PoC) exploit has been publicly released for a critical vulnerability affecting Oracle WebLogic...
Read More
PoC Exploited Released for Oracle Weblogic Server Vul

Microsoft warn dev urgently to update .NET installer link

By infosecbulletin / Monday , December 30 2024
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains...
Read More
Microsoft warn dev urgently to update .NET installer link

Look back; The Worst Hacks of 2024

By infosecbulletin / Monday , December 30 2024
In 2024, digital security experienced major breaches as cybercriminals and state-backed groups exploited vulnerabilities for large-scale attacks. These incidents were...
Read More
Look back; The Worst Hacks of 2024

HIPAA to be updated with new cybersecurity regulations, White House

By infosecbulletin / Sunday , December 29 2024
Proposed new cybersecurity rules for healthcare institutions will focus on how they protect user data under HIPAA, as stated by...
Read More
HIPAA to be updated with new cybersecurity regulations, White House

ALSO READ:

India’s ISRO to launch AI enabled 50 Spy Satellites

Cybercriminals offer a malware kit that uses the MSIX file format and ms-appinstaller protocol handler. The changes are in effect in App Installer version 1.21.3421.0 or higher.

The attacks involve signed malicious MSIX application packages. These packages are distributed through Microsoft Teams or malicious ads for popular software on search engines like Google.

Since mid-November 2023, four different hacking groups have been exploiting the App Installer service for financial gain. In October 2023, Elastic Security Labs discovered a campaign involving fake MSIX Windows app package files for popular software like Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. These files were used to distribute a malware loader called GHOSTPULSE.

Microsoft disabled the MSIX ms-appinstaller protocol handler in Windows before, in February 2022, to block threat actors from using it to distribute harmful software like Emotet, TrickBot, and Bazaloader.

“Threat actors have likely chosen the ms-appinstaller protocol handler vector because it can bypass mechanisms designed to help keep users safe from malware, such as Microsoft Defender SmartScreen and built-in browser warnings for downloads of executable file formats,” Microsoft said.

Check Also

U.S. Weighs Ban on Chinese-Made Router TP-Link: WSJ reports

The US government is considering banning a well-known brand of Chinese-made home internet routers TP-Link …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin