Date: 2022-01-23

Did you receive a notification to update your browser? It’s good to be careful. A new ransomware (virtual hijacking) attack method uses a fake request to update Chrome and Edge on Windows to invade PCs. The program, called Magniber, has spread mainly through corporate networks.

The attack works like this: when a person visits certain websites, a notification to update the browser is displayed in a phishing attempt. Clicking the false alert downloads the malicious extension in APPX format, which is recognized by Windows. The system therefore allows the process to proceed without detecting problems. It only takes a few seconds.

“Once the victim chooses to make these fake updates on Google Chrome or Microsoft Edge, a browser extension like .appx (a format released with Windows 8 but still exploited by Windows 10 and Windows 11) from the page is downloaded to your device. When running in the background, the ‘wjoiyyxzllm.exe’ program executes the ‘wjoiyyxzllm.dll’ library, and downloads the Magniber malware. Thus, the victim’s files are compromised”, explains Marco DeMello, Executive President of digital security company PSafe.

When executed, the ransomware “hijacks” your files, encrypting your computer data to keep it locked away. A “ransom” note is then displayed in a text (.txt) file. The note, in English, states that the files were not damaged and can be recovered, but that attempts to release them using third-party software will result in data destruction.

A link that works only in the Tor browser (Tor is an anonymous communication network) leads to the payment of a sum of money and the retrieval of the cryptographic key, which, so far, is the only way to recover the data. The cybercriminals behind Magniber focus on companies, as it is possible to charge higher fees for corporate information.

“How many times do we receive an update notification and click almost automatically? This is when the cybercriminal makes use of a human error, which can cause one or 100 employees to go down. Regardless of the number of collaborators who believe, we emphasize that if only one of them is a victim, your unprotected system will be in the hands of cybercriminals because of a click, in seconds”, warns DeMello.

Tricky coup

Magniber is a type of ransomware that has been around for some time but has found new methods to attack devices. It may also download other malware while installing on your system.

But unlike most attacks of this type, it does not adopt the double extortion tactic: it does not copy files before encrypting systems in order to blackmail the victim again, threatening to disclose them after the ransom is paid.

According to PSafe, phishing attacks victimized more than 150 million people in Brazil in 2021. It is one of the methods most used by cybercriminals, deceiving a victim through malicious links and fake apps that impersonate famous companies or people, keeping the same characteristics as the originals, with small changes, such as changing a letter in the URL.

This type of scam has the objective of “hooking” the person to obtain confidential information, through false promotions, gifts or, in this case, an update request.

How to protect yourself

A few precautionary measures may be enough to prevent an infection by Magniber ransomware and others. Among them are: