Windows home users are being impacted by a new malicious campaign spreading the Magniber ransomware through fraudulent antivirus and security updates, reports BleepingComputer.
Magniber ransomware operators leveraged Chrome and Edge browser updates to spread malicious Windows application package files in January before distributing the ransomware as a Windows 10 update in April. While MSI and EXE files were used in prior campaigns, operators have since shifted to JavaScript files, according to a report from HP's Threat Intelligence Team. These JavaScript files are obfuscated and facilitate the stealthy execution of a .NET file to prevent detection.
Magniber also bypasses Windows' User Account Control feature, researchers said. The report also showed that Magniber encrypts only specific file types.
Meanwhile, home users impacted by the latest campaign are being asked to pay up to $2,500 in exchange for a decryption tool for recovering files, researchers added.