As security experts often stress the importance of keeping your software up to date, cybercriminals have now begun targeting Microsoft Edge users with fake browser updates.
Fake software updates have been a go-to tactic deployed by cybercriminals to get users to download malware for years now. This is because with a convincingly-branded message that carries the right mixture of implied threat and urgency, they can easily trick unsuspecting users.
While Flash updates were a longtime fixture of web-based malware campaigns, Adobe killed off the popular software more than a year ago which is why cybercriminals are now targeting browsers instead. One reason for this is due to the fact that browsers like Google Chrome and Microsoft Edge are updated so frequently that many users put off installing updates when they become available.
According to a new blog post from Malwarebytes, the cybersecurity firm’s threat intelligence team recently worked with nao_sec researchers to investigate a newly discovered update to the Magnitude exploit kit that was tricking users into installing a fake Microsoft Edge browser update.
The Magnitude exploit kit uses a wide range of social engineering lures and exploits to attack users and install ransomware on their systems. Although it has been used to target users around the world with different ransomware strains in the past, these days it is primarily used to install the Magniber ransomware on targets in South Korea.
The attack campaign investigated by Malwarebytes begins with a user visiting an ad-heavy website where they encounter a malicious ad which redirects them to a “gate” known as Magnigate. This gate checks their IP address and browser to determine if the users should be attacked. If they fit the correct criteria, the user is then redirected again to the Magnitude exploit kit landing page.
From here, they are prompted to download an update for Microsoft Edge which is actually a malicious Windows Application package (.appx) file. This file then downloads the Magniber ransomware, encrypts their files and demands a ransom.
To prevent falling victim to this attack and others like it, users should invest in ransomware protection and be aware of the fact that Edge updates automatically when you restart it.