HP’s Wolf Security team is reporting that Magniber ransomware is infecting home users and demanding payments of up to $2,500 for the decryption tool. Masquerading as a Windows 10/11 update, the attackers get users to download a ZIP file containing the malware. Magniber has primarily been spread through MSI and EXE files, but since September it has been using this ZIP file approach to install the malware.
Excerpts:
- The infection chain starts with a web download from an attacker-controlled website. The user is asked to download a ZIP file containing a JavaScript file that purports to be an important anti-virus or Windows 10 software update.
- Notably, the attackers used clever techniques to evade detection, such as running the ransomware in memory, bypassing User Account Control (UAC) in Windows, and bypassing detection techniques that monitor user-mode hooks by using syscalls instead of standard Windows API libraries.
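The lure described in the first excerpt (a ZIP archive whose only payload is a script file named to look like a Windows or anti-virus update) is simple to triage before a user double-clicks it. The following is an added defender-side example, not code from HP or from the report: it inspects archive members for script-host extensions (assumed list beyond the .js the report names) combined with update-themed names, using a constructed sample archive.

```python
import io
import zipfile
from typing import List

# Extensions the Windows script host will run. The report names .js; the rest
# are assumed common equivalents worth flagging in the same way.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Words the report says the lure uses to pass as a legitimate update.
LURE_WORDS = ("update", "antivirus", "anti-virus", "windows", "security")


def suspicious_entries(zip_bytes: bytes) -> List[str]:
    """Return names of archive members that look like a script-based update lure."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            name = info.filename.lower()
            if name.endswith("/"):
                continue  # directory entry, nothing to execute
            # Only the final extension matters to Windows: "Update.pdf.js" is a .js file
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext not in SCRIPT_EXTENSIONS:
                continue
            if any(word in name for word in LURE_WORDS):
                findings.append(info.filename)
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive: two benign files plus a script named like an update."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("readme.txt", "nothing to see here")
        archive.writestr("notes/report.pdf", b"%PDF-1.4 placeholder")
        archive.writestr("Windows10_Update.js", "// constructed placeholder, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in suspicious_entries(build_sample_zip()):
        print("flag:", entry)
```

The same check fits naturally at a mail gateway or download proxy, where blocking archives that match is cheaper than cleaning up after the in-memory execution and UAC bypass the second excerpt describes.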
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.