Ransomware poses as fake Edge browser updates, extorting users for Bitcoin

A ransomware attack campaign in South Korea is using a fake Edge update to fool users.

Security experts often stress the importance of software updates, but this has helped create a lucrative opportunity for cybercriminals, who have targeted Microsoft Edge users with fake updates.

Fake software updates have been a frequent tactic used by cybercriminals for years to trick users into downloading malware. The malware is often disguised as an urgent update, which pressures users and makes gullible ones easier to fool.


In the past, Flash updates were often the lure in malware campaigns like this. Adobe killed Flash over a year ago, which is why cybercriminals have turned to browsers.

According to a blog post by cybersecurity company Malwarebytes, its researchers have discovered that a new version of the Magnesium mining kit is tricking users into installing a fake Microsoft Edge browser update.


The Magnesium Mining Kit uses a series of spoofs to attack users in order to install ransomware on their systems. While Magnesium has been used to target users around the world with different strains of ransomware in the past, today it is mainly used to install Magniber ransomware on targets in South Korea.

According to Malwarebytes, the attack campaign begins with a user visiting an ad-laden website, where they encounter a malicious ad that redirects them to a 'portal' known as Magnigate. This gateway checks their IP address and browser to determine whether the user should be targeted. If they match the established criteria, the user is then redirected again to Magnigate's fake Edge update page.


Here, they are prompted to download an update for Microsoft Edge. This is actually a malicious Windows Application package (.appx) file. This file then downloads the Magniber ransomware, which encrypts the user's files and demands a ransom.

To avoid falling victim to this attack, users should be aware that Edge updates itself automatically when it is restarted, so they should not install an update from an unknown source.
