While security experts often stress the importance of keeping your software up to date, cybercriminals have now started targeting Microsoft Edge users with fake browser updates.
Fake software updaters have been a popular tactic used by cybercriminals to trick users into downloading malware for years. Indeed, with a compelling brand message that carries the right mix of implied threat and urgency, they can easily fool unsuspecting users.
While Flash updates have long been part of web malware campaigns, Adobe killed off the popular software over a year ago, which is why cybercriminals are now targeting browsers. One of the reasons for this is that browsers such as Google Chrome and Microsoft Edge are updated so frequently that many users delay installing updates when they become available.
According to a new blog post from Malwarebytes, the cybersecurity firm’s threat intelligence team worked with researchers at nao_sec to investigate a recently discovered update to the Magnitude exploit kit that tricked users into installing a fake Microsoft Edge browser update.
The Magnitude exploit kit uses a wide range of decoys and social engineering exploits to attack users and install ransomware on their systems. Although it has been used to target users around the world with different strains of ransomware in the past, it is mainly used today to install Magniber ransomware on targets in South Korea.
The attack campaign investigated by Malwarebytes begins with a user visiting an advertising-heavy website where they encounter malicious advertising that redirects them to a “gate” known as Magnigate. This gate checks their IP address and browser to determine whether the user should be attacked. If they match the criteria, the user is redirected again, this time to the Magnitude exploit kit homepage.
From there, they are prompted to download an update for Microsoft Edge, which is actually a malicious Windows Application Package (.appx) file. This file then downloads Magniber ransomware, encrypts their files and demands a ransom.
To avoid falling victim to this attack and others like it, users should invest in ransomware protection and be aware that Edge updates automatically when you restart it.