• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Magniber Ransomware Adopts JavaScript to Attack Individual Users

You are here: Home / General Cyber Security News / Magniber Ransomware Adopts JavaScript to Attack Individual Users
October 14, 2022

Recent analysis demonstrates that Magniber ransomware has been focusing on dwelling users by masquerading as software package updates.

A ransomware campaign isolated by HP Wolf Security in September 2022 saw Magniber ransomware unfold. The malware is recognised as a one-client ransomware household that calls for $2,500 from victims.

Beforehand Magniber was mostly unfold by MSI and EXE data files, but in September 2022 HP Wolf Security began viewing campaigns distributing the ransomware in JavaScript files.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Notably, HP Wolf Security reported, the attackers employed clever techniques to evade detection, this kind of as functioning the ransomware in memory, bypassing Consumer Account Handle (UAC) in Windows, and bypassing detection procedures that keep track of user-manner hooks by applying syscalls as a substitute of common Windows API libraries.

With the UAC bypass, the malware deletes the infected system’s shadow copy documents and disables backup and recovery features, stopping the sufferer from recovering their facts making use of Windows tools.

Describing the ransomware marketing campaign, HP Wolf observed that the infection chain starts with a web download from an attacker-managed internet site.

The user is questioned to down load a ZIP file that contains a JavaScript file that purports to be an essential anti-virus or Windows 10 software program update.

For Magniber to access and block files, it requires to be executed on a Windows account with administrator privileges – a degree of accessibility which is much extra commonplace in private techniques.

“Consumers can shield on their own by pursuing ‘least-privilege’ concepts – only logging on with their administrator account when strictly required, and making one more account for daily use,” stated Patrick Schläpfer, Malware Analyst at HP Wolf Security. “Users can also minimize risk by producing certain updates are only mounted from reliable resources, examining URLs to guarantee formal seller sites are used, and backing up data consistently to lower the impact of a prospective data breach.”

The firm observed that this ransomware does not drop into the classification of Huge Video game Looking but can however bring about significant harm.


Some elements of this article are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Report Shows How China Has Been Using Cyberattacks Over the Past Decade
Next Post: How To Build a Career as a Freelance Cybersecurity Analyst — From Scratch how to build a career as a freelance cybersecurity analyst»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
  • Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
  • Post-Quantum Cryptography: Finally Real in Consumer Apps?
  • Microsoft’s AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
  • Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
  • Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
  • GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
  • China’s BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
  • The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
  • China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies

Copyright © TheCyberSecurity.News, All Rights Reserved.