"Microsoft Disables MSIX Protocol Handler Abused in Malware Attacks"

Multiple financially motivated threat groups have abused the MSIX ms-appinstaller protocol handler to infect Windows users with malware, prompting Microsoft to disable it again. Attackers exploited the Windows AppX Installer spoofing vulnerability to bypass security measures implemented to protect Windows users from malware. According to Microsoft, threat actors use malicious advertisements for popular software as well as Microsoft Teams phishing messages to distribute signed malicious MSIX application packages. Microsoft Threat Intelligence has observed threat actors, including Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, using the ms-appinstaller URI scheme (App Installer) to spread malware since mid-November 2023. This article continues to discuss the abuse of the MSIX ms-appinstaller protocol handler by attackers and Microsoft's disabling of it.

Bleeping Computer reports "Microsoft Disables MSIX Protocol Handler Abused in Malware Attacks"

Submitted by grigby1
