Monday, January 1, 2024

Microsoft Disabled App Installer Following Malware Abuse

After detecting App Installer abuse for malware distribution for a number of months, Microsoft disabled the protocol handler by default. The tech giant took this step to protect customers from further threats.

Microsoft App Installer Disabled By Default

According to a recent blog post, Microsoft has disabled the App Installer (ms-appinstaller) protocol handler by default for its users.

The App Installer, or more precisely the ms-appinstaller URI (Uniform Resource Identifier) scheme (protocol), let users install apps directly from the web. It streamlined app installations, completing the process faster while using minimal disk resources.

Microsoft introduced this feature with some newer versions of Windows 10. However, the tech giant had to disable it by default after detecting numerous exploitations of the protocol by different malware groups.

As elaborated, the firm observed threat actors abusing the current implementation of the ms-appinstaller protocol handler for malware and ransomware distribution. It even detected hacker groups distributing malware kits tailored to abuse the feature for stealthy malware installations. Microsoft named some financially motivated threat actor groups, including Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, as actively abusing the feature.

Microsoft found that the feature abuse and the subsequent malware campaigns have been around since mid-November 2023. The threat actors used various techniques to distribute malware, predominantly relying on social engineering and phishing.

The tech giant observed numerous malicious websites distributing the malware by impersonating legitimate software, such as Zoom, TeamViewer, Tableau and AnyDesk. In the case of Storm-1674, the threat actors distributed the malicious web page links via Teams to trick users.

After detecting an exponential rise in these malware campaigns, the tech giant decided to disable the feature to prevent malware abuse. Hence, Microsoft disabled the ms-appinstaller URI scheme handler by default in App Installer build 1.21.3421.0.

While this move will likely prevent the threat, Microsoft still advised users to stay vigilant when interacting with web links.
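For defenders, the two concrete facts above (the ms-appinstaller scheme and build 1.21.3421.0) translate into a simple triage check. The following is an added example, not code from Microsoft or from this article; it assumes links use the documented `ms-appinstaller:?source=<package URL>` form, and the sample text and hostnames are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# First App Installer build with the handler disabled by default (per the article).
FIXED_BUILD = (1, 21, 3421, 0)

# ms-appinstaller: URIs, up to whitespace, quotes or angle brackets.
LINK_RE = re.compile(r"ms-appinstaller:[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: a web page snippet and a chat message (not real indicators).
SAMPLE = (
    '<a href="ms-appinstaller:?source=https://downloads.example.test/Zoom.msix">'
    "Download Zoom</a>\n"
    "Join here: MS-AppInstaller:?source="
    "https%3A%2F%2Fcdn.example.test%2Fclient.appinstaller\n"
    '<a href="https://example.test/help">Help</a>\n'
)


def handler_disabled_by_default(version):
    """True if the given App Installer version is at or above the fixed build."""
    parts = tuple(int(p) for p in version.split("."))
    parts = (parts + (0, 0, 0, 0))[:4]  # pad short versions to four fields
    return parts >= FIXED_BUILD


def find_appinstaller_links(text):
    """Return each ms-appinstaller link with the package URL and host it points to."""
    findings = []
    for match in LINK_RE.finditer(text):
        uri = match.group(0)
        query = uri.split("?", 1)[1] if "?" in uri else ""
        # Parameter names are lower-cased so "Source=" is caught too.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        source = params.get("source", [""])[0]
        host = urlsplit(source).hostname or ""
        findings.append({"uri": uri, "source": source, "host": host})
    return findings


if __name__ == "__main__":
    for hit in find_appinstaller_links(SAMPLE):
        print(f"{hit['host'] or '<no source>'}: {hit['uri']}")
    for version in ("1.20.1881.0", "1.21.3421.0"):  # constructed inventory values
        print(version, "disabled by default:", handler_disabled_by_default(version))
```

Run the link extraction over proxy logs, mail bodies or chat exports, and feed the version check from a software inventory to find endpoints still below the fixed build.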

Let us know your thoughts in the comments.
