"Magniber Ransomware Group Exploiting Microsoft Zero-Day"

A financially motivated hacking group exploited a now-patched zero-day Windows operating system vulnerability to distribute ransomware. The Google Threat Analysis Group linked the malicious campaign to the Magniber ransomware group, which began exploiting the zero-day before Microsoft released a patch for it. Tracked as CVE-2023-24880, the flaw is moderately severe and affects Microsoft's anti-phishing and anti-malware component, SmartScreen Security. This component is part of Microsoft's endpoint protection service in Windows and Microsoft Edge. Magniber delivers Microsoft Software Installer (MSI) files, signing them with an invalid signature. Upon execution, the file causes an error in the application, bypassing Microsoft's warning against processing untrusted files downloaded from the Internet. Since the beginning of 2023, Google has seen over 100,000 downloads of malicious MSI files, most of which were downloaded by devices in Europe. This is a shift in focus for Magniber, which had previously targeted victims in South Korea and Taiwan. Before its most recent campaign, Magniber exploited CVE-2022-44698, a SmartScreen bypass flaw. According to HP threat researchers who discovered the campaign, the hackers used JavaScript files instead of MSI files. This article continues to discuss the Magniber ransomware group and its exploitation of a now-patched Windows zero-day vulnerability.

DataBreachToday reports "Magniber Ransomware Group Exploiting Microsoft Zero-Day"

Submitted by Anonymous on