A fraudulent update request for the Windows versions of the Chrome and Edge browsers is the gateway to a new ransomware campaign focused on corporate networks. The request, which appears when accessing suspicious websites, aims to trick users into installing a malicious extension, which is then used to download malware and hijack data.
The alert from security experts at PSafe concerns Magniber, ransomware that has been detected since the middle of last year. When the user accepts the fake browser update, software in the APPX format is installed; Windows recognizes it as a browser extension and therefore allows it to run DLL libraries and install malicious software.
From there, the infected computer's data is quickly encrypted, and the ransom note is displayed in a document in TXT format. The text is the same as always, stating that the files have been hijacked and that attempts to release them will result in their destruction, while a Tor network address is provided for making payment and obtaining the cryptographic key that allows recovery.
According to PSafe, the gang responsible does not carry out double extortion: it only locks the data available on the device itself, without intercepting or downloading it. There is therefore no threat of public release of sensitive data, always a nightmare for companies dealing with customer, supplier or industrial secret information.
While there is no specific data on Magniber, the mass dissemination of false notifications for carrying out phishing attacks is a real threat, which, according to PSafe, reached 150 million people in 2021. “How many times have we received an update notification and clicked automatically? It is at this point that cybercriminals make use of human error, in an attack that is not necessarily new,” points out Marco DeMello, CEO of the digital security company.
How to avoid ransomware attacks
The executive points out the training of employees as a possible path to protection, since even if only one of them is a victim, this can already put sensitive data and information at risk. “Within seconds, because of a click, your unprotected system will be in the hands of cybercriminals,” adds DeMello.
Investment in security solutions, especially those based on artificial intelligence, also helps to defend against common threats and the usual methods of spreading malware, blocking possible installations even when authorized by the user. Keeping systems up to date, as well as apps and other solutions, also helps to tackle the most common threats.
Specifically regarding Magniber, PSafe clarifies that browsers do not display update notifications, since Chrome and Edge update automatically. Therefore, when alerts of this type appear, it is best to ignore them, as they will always be fraudulent and may expose users to threats. Specialists also recommend that extensions and other applications be downloaded only from verified sources, in order to avoid malicious manipulation of this software.