Microsoft said Thursday that it disabled a feature intended to streamline app installation after it discovered financially motivated hacking groups using it to distribute malware.
The feature, the ms-appinstaller protocol handler, let a web page or link launch App Installer directly, so a user could install a Windows app with one click instead of first downloading the package and then opening it.
Cybercriminals figured out that it also provided a convenient way to deliver loader malware, Microsoft Threat Intelligence said in a blog post. Because the handler fetches and installs a package straight from a URL, the user never sees the browser's download prompt or the warnings that normally accompany an executable download, which is what made the vector attractive.
Disabling the protocol handler by default means that App Installer no longer installs a Windows app directly from a remote server onto a device.
Instead, users must download the software package (for example an .msix or .msixbundle file) first, then open it with App Installer.
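For defenders, the practical question is whether ms-appinstaller: links are showing up in web traffic or in content a mail or proxy gateway has logged. The following is an added example, not code from the article or from Microsoft: it pulls ms-appinstaller: links out of constructed log lines, decodes the remote source URL that App Installer would have fetched, and flags sources outside an assumed allowlist of trusted package hosts. The log lines, the host names and the allowlist are all constructed for illustration.

```python
"""Find ms-appinstaller: one-click install links in proxy or content logs.

Added example, not from the original article. The log lines, host names and
the trusted-host allowlist below are constructed for illustration only.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# A one-click install link has the shape:
#   ms-appinstaller:?source=https://host/path/package.msixbundle
# The regex stops at whitespace or at the quote/angle-bracket that closes an
# HTML attribute, so it works on raw HTML bodies as well as flat log text.
MS_APPINSTALLER_RE = re.compile(r"ms-appinstaller:\?[^\s\"'<>]+", re.IGNORECASE)

# Package formats App Installer will download from the 'source' URL.
PACKAGE_SUFFIXES = (".appinstaller", ".msix", ".msixbundle", ".appx", ".appxbundle")

# Hosts an organisation has chosen to trust for package delivery (constructed).
TRUSTED_SOURCE_HOSTS = {"apps.example.com"}


@dataclass
class Finding:
    line_no: int
    link: str          # the ms-appinstaller: link as it appeared in the log
    source_url: str    # the decoded URL App Installer would have fetched
    source_host: str
    is_package: bool   # does the source look like a package/App Installer file
    trusted: bool      # is the source host on the allowlist


def parse_source(link):
    """Return the decoded 'source' URL from an ms-appinstaller: link, or None.

    parse_qs already percent-decodes values, so an encoded source such as
    https%3A%2F%2Fhost%2Fpkg.msix comes back as a plain URL.
    """
    query = link.split("?", 1)[1] if "?" in link else ""
    sources = parse_qs(query, keep_blank_values=True).get("source")
    return sources[0] if sources else None


def scan_lines(lines, trusted_hosts=TRUSTED_SOURCE_HOSTS):
    """Scan log lines and return one Finding per ms-appinstaller: link found."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        for match in MS_APPINSTALLER_RE.finditer(line):
            link = match.group(0)
            source = parse_source(link)
            if source is None:
                continue  # a link with no source cannot start an install
            host = (urlsplit(source).hostname or "").lower()
            path = urlsplit(source).path.lower()
            findings.append(Finding(
                line_no=line_no,
                link=link,
                source_url=source,
                source_host=host,
                is_package=path.endswith(PACKAGE_SUFFIXES),
                trusted=host in trusted_hosts,
            ))
    return findings


# Constructed sample log lines: a legitimate internal install page, a lookalike
# download page with a percent-encoded source, and a line with no install link.
SAMPLE_LOG = [
    "2023-12-20T10:01:02Z GET https://apps.example.com/landing.html 200 "
    "body=<a href='ms-appinstaller:?source=https://apps.example.com/Tool.msixbundle'>Install</a>",
    "2023-12-20T10:05:44Z GET https://download-installer.invalid/index.html 200 "
    "body=<a href='ms-appinstaller:?source=https%3A%2F%2Fdownload-installer.invalid%2Fsetup.msix'>Download</a>",
    "2023-12-20T10:07:00Z GET https://intranet.example.com/ 200 body=<p>no install links here</p>",
]


def untrusted_findings(lines=SAMPLE_LOG):
    """Convenience wrapper: only the links whose source host is not allowlisted."""
    return [f for f in scan_lines(lines) if not f.trusted]


if __name__ == "__main__":
    for f in scan_lines(SAMPLE_LOG):
        verdict = "trusted" if f.trusted else "UNTRUSTED"
        print(f"line {f.line_no}: {verdict} source {f.source_url} (package={f.is_package})")
```

Feeding real proxy or gateway logs into `scan_lines` turns the protocol handler's defining property, installation from a remote URL with no download step, into something that can be alerted on; any hit whose source host is not on the allowlist deserves a look regardless of how the landing page was dressed up.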
Microsoft attributed the activity to groups it tracks as Storm-0569, Storm-1113, Storm-1674 and Sangria Tempest.
Sangria Tempest, a long-running cybercrime group, is also tracked as FIN7 by cybersecurity researchers and has been tied to ransomware groups such as Clop.
The cybercriminals aimed to install loader malware that opened the door to follow-on infections, including IcedID, a banking trojan that has evolved into a general-purpose malware loader, and ransomware such as Black Basta.
Joe Warminsky is the news editor for Recorded Future News.
He has more than 25 years' experience as an editor and writer in the Washington, D.C., area.
Most recently he helped lead CyberScoop for more than five years.
Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.
This Cyber News was published on therecord.media. Publication date: Thu, 28 Dec 2023 20:40:05 +0000