
Magniber Ransomware Spreads Through JavaScript Fake Security Updates

Vlad CONSTANTINESCU

October 14, 2022


Security researchers noticed a recent malicious campaign using fake security updates to deploy Magniber ransomware on Windows devices.

The perpetrators used rogue websites to spread the malware by disguising them as legitimate updates for antivirus software or critical operating system patches. Website visitors were prompted to download a ZIP file that, upon extraction, revealed a JavaScript document posing as an important Windows or antivirus software update.

Threat actors previously used MSI and EXE files to spread Magniber ransomware but appear to have switched to JavaScript files since September.

“The JavaScript files use a variation of the DotNetToJScript technique, enabling the attacker to load a .NET executable in memory, meaning the ransomware does not need to be saved to disk,” says HP’s Threat Research team. “This technique bypasses detection and prevention tools that monitor files written to disk and reduces artifacts left on an infected system.”

After launch, the script injects malicious code into another process and uses it as a host to run further commands, such as deleting shadow copy files, disabling Windows’ backup and recovery features, and ultimately encrypting victims’ files.

Magniber cunningly bypasses User Account Control (UAC) to gain elevated privileges and run commands without alerting the victim. For this to work, the user must have an Administrator account or be a part of the Administrators group.

Once the malware gains admin privileges, it enumerates files on the compromised device, uses a list to cross-check their extensions, and encrypts matching documents. Once the encryption is finished, Magniber plants a ransom note in each directory that holds an encrypted file and displays it for the victim in a web browser.

To mitigate Magniber attacks, users should refrain from downloading software updates from unknown sources, perform regular data backups (offline or cold backups are even better), and avoid using administrator accounts if they’re not needed.
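As a triage aid for the delivery method described above (a ZIP whose contents are a script posing as an update), the following added example, which is not from the original article or from HP's research, lists archive members that Windows Script Host would run on a double-click. The keyword list, decoy-extension list and sample file names are assumptions constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions that Windows Script Host runs when the file is double-clicked.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
# Assumed decoy extensions and lure keywords; tune both to your environment.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".txt", ".exe", ".msi"}
LURE_KEYWORDS = ("update", "upgrade", "patch", "antivirus", "security")


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that is a WSH script."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Normalise separators; Windows ignores trailing dots and spaces.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            name = path.name.rstrip(". ")
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            if not suffixes or suffixes[-1] not in WSH_EXTENSIONS:
                continue
            findings.append({
                "member": info.filename,
                "extension": suffixes[-1],
                # e.g. "report.pdf.js" shown as "report.pdf" when extensions are hidden
                "decoy_extension": len(suffixes) > 1
                and suffixes[-2] in DECOY_EXTENSIONS,
                "lure_name": any(k in name.lower() for k in LURE_KEYWORDS),
            })
    return findings


def build_sample() -> bytes:
    """Constructed sample archive with harmless placeholder contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Windows_Security_Update.js", "// placeholder")
        zf.writestr("docs/readme.txt", "placeholder")
        zf.writestr("AV_Update.pdf.JSE ", "// placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

A script file inside a downloaded "update" archive is reason enough to quarantine it, since genuine Windows and antivirus updates are not delivered this way.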


Specialized software solutions like Bitdefender Ultimate Security, with its extensive range of features, can protect you against ransomware and other types of cybernetic threats:

  • All-around 24/7 data protection against worms, viruses, Trojans, ransomware, spyware, rootkits, zero-day exploits and other types of e-threats
  • Multi-layer ransomware protection that keeps your documents safe against all kinds of ransomware attacks
  • Advanced Threat Defense module that closely monitors active apps and takes instant action upon detecting suspicious activity
