What Is Magniber Ransomware? How to Prevent It From Attacking Your PC

According to the AhnLab Security Emergency Response Center (ASEC), the Magniber ransomware, which was used to target victims by exploiting Internet Explorer's vulnerabilities in 2021, has found its way to Google Chrome and Microsoft Edge.

So, how does this malicious app attack users, and what can you do to prevent it? Here's everything you need to know about the Magniber ransomware.

What Is Magniber?

In the simplest terms, Magniber is a ransomware program that infects computers by exploiting vulnerabilities in old, outdated software, like Internet Explorer and Adobe Flash. However, it has since evolved to infect other, more modern browsers.

Magniber primarily targets Google Chrome users, but since Microsoft Edge uses the same Chromium base code, the ransomware can even affect the native browser on Windows PCs.

The Magnitude exploit kit, which distributes Magniber, previously used Cerber ransomware to attack its victims. The attacks started way back in 2013, but Magnitude started deploying the Magniber malware in 2017. The hackers deployed it via advertisements placed on sites explicitly made for the malware.

Then, in July 2021, the Magniber ransomware started using the PrintNightmare vulnerability. It used this exploit for remote code execution and local privilege escalation, allowing hackers to take control of systems without the user's authorization.

Finally, in early 2022, security researchers from ASEC discovered that the ransomware had started attacking Google Chrome and Microsoft Edge—two of the most popular web browsers today.

How the Magniber Ransomware Attacks Users

Magniber deploys itself by posing as an update to your web browser and then installing itself as an extension. When you visit a compromised website, you will see an official-looking page that says your browser requires a manual update. And when you click on the Update Edge button, the website will attempt to download the extension to your computer.

The ransomware uses the .appx file extension and contains a valid Windows certificate, thus fooling your system into treating it as a trusted application. Once you install the malicious software, it will create an executable and a DLL file in the C:\Program Files\WindowsApps folder. Since this folder is typically secured, hidden, and inaccessible to users, most wouldn't even know that this folder exists.

Once the installation is complete, Magniber will launch the malware, encrypt your files, and open a ransom note demanding payment.

How to Protect Yourself From Magniber Ransomware

The easiest way to protect yourself from Magniber is to not install manual updates for your browser unless you downloaded them directly from the Google Chrome or Microsoft Edge website. That's because these modern browsers automatically update themselves by default. This happens every time you close and reopen the browser.

However, if you typically keep your browser open for days, you may want to update it manually. You should also do this if you're on a metered connection or you recently purchased a cellular-capable computer in China. So, let's see how you can manually update your browser, shall we?

How to Manually Update Google Chrome

Google Chrome users should click on the three dots menu at the upper-right corner of the window, right under the X icon. Then, head over to Help > About Google Chrome, and a new settings tab will open, with About Chrome in the main window.

Underneath that, you should see the current version of the browser you're using. If there's a new version, Chrome will automatically download and install it, after which you can click on Relaunch to apply the updates. As you can see, manually updating Google Chrome is a breeze.

How to Manually Update Microsoft Edge

On your Microsoft Edge browser, click on the three-dot icon at the upper-right corner below the X icon used to close the window. Next, click on Settings from the dropdown. The Settings menu will open on a new tab; on the Settings sidebar, choose About Microsoft Edge.

The About page will show the Microsoft Edge logo and what version you're running. If the browser is running the latest version, you should see that Microsoft Edge is up to date. Otherwise, you will see An update is available instead. Edge will automatically download and install the update and then prompt you to Restart the browser—just like Chrome.

Stay Away From Fake Sites to Avoid Magniber

Besides being careful with manual browser updates, you should also be cautious of fake websites masquerading as official ones. According to the example shared by ASEC, the website deploying Magniber featured either the Microsoft Edge or Google Chrome logo.

However, don't be scared. You don't need to be a programmer or computer expert to spot fake websites. All you need is to look closer. For example, the Magniber download page shows some capitalization errors on its download icons.

Furthermore, there is not much information on the download page—all you see is the download button and some official-looking photos that might have been copied from the original website.

You should also look at the URL of the download link. Official websites should say google.com or microsoft.com in the address bar, not some random string of numbers. If the address bar shows anything different and asks you to download a file, you'd better run away fast.
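The address-bar check above, together with the earlier point that the fake update arrives as an .appx package, can be written down as a small script. This is an added example, not code from ASEC or from the original article; the domain list, the extra package extensions, the treatment of a bare IP address as the "string of numbers", and the sample links are all assumptions made for illustration.

```python
import ipaddress
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Assumption: the two vendor domains the article names as official.
OFFICIAL_DOMAINS = ("google.com", "microsoft.com")
# Assumption: the article names only .appx; the related Windows package
# extensions are included because they install the same way.
PACKAGE_EXTS = (".appx", ".appxbundle", ".msix", ".msixbundle")

def is_official_host(host: str) -> bool:
    """True only for an official domain or a genuine subdomain of one."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def assess_download(url: str) -> list[str]:
    """Return the reasons a 'browser update' link looks untrustworthy."""
    reasons = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        reasons.append("not https")
    if parts.username is not None:
        # In https://google.com@203.0.113.5/ the real host is 203.0.113.5.
        reasons.append("userinfo before host")
    try:
        ipaddress.ip_address(host)
        reasons.append("host is a bare IP address")
    except ValueError:
        # Suffix match on ".google.com" rejects google.com.something.example.
        if not is_official_host(host):
            reasons.append("host is not an official domain")
    filename = PurePosixPath(unquote(parts.path)).name.lower()
    if filename.endswith(PACKAGE_EXTS):
        reasons.append("update delivered as an app package")
    return reasons

# Constructed sample links (documentation-reserved addresses and names).
SAMPLES = [
    "https://www.google.com/chrome/",
    "http://203.0.113.5/edge_update.appx",
    "https://google.com.update-check.example/Edge.appx",
    "https://google.com@203.0.113.5/update",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", assess_download(link) or "no warning signs")
```

An empty result only means the link points at a vendor domain over HTTPS; it says nothing about the file itself, so updating from inside the browser remains the safer route.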

Don't Believe Everything on the Internet

While the internet is a powerful tool, you should be careful every time you go on it. That's because many people out there want to take advantage of you and take your money illegally. You can protect yourself by learning how to differentiate real pages from fake ones and taking everything you read online with a grain of salt.

You should also keep your apps updated—but only through official channels. If a page offers an update to your browser, and you're not accessing the official links from Google or Microsoft, don't believe it.

These companies update their apps automatically, and if you need to do so manually, they let you do it directly from the browser settings. This way, you're sure that you only get safe updates that won't compromise your system.