May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to … Read more
December 28, 2023 at 02:05PM Microsoft disabled the MSIX ms-appinstaller protocol handler due to multiple financially motivated threat groups exploiting it to infect Windows users with malware. The attackers used the CVE-2021-43890 vulnerability to bypass security measures and distribute malware. Microsoft recommends installing the patched App Installer version 1.21.3421.0 or later and advised disabling the … Read more
October 30, 2023 at 12:42AM A cyber attack campaign has been using MSIX Windows app package files to distribute a new malware loader named GHOSTPULSE. The attack targets popular software like Google Chrome, Microsoft Edge, Brave, Grammarly, and Cisco Webex. Potential victims are enticed to download the packages through compromised websites, SEO poisoning, or malvertising. … Read more