Microsoft has again taken action to limit malware distribution through its ms-appinstaller protocol for MSIX, less than a year after the protocol re-emerged following earlier security issues.
BleepingComputer reports that "Downfall," a fan-made expansion for the well-received indie strategy game "Slay the Spire," was compromised on Christmas to distribute the Epsilon information-stealing malware.
Several threat operations, including Sangria Tempest (also known as FIN7), Storm-0569, Storm-1674, and Storm-1113, have exploited Microsoft's ms-appinstaller protocol, which is meant to expedite Windows app installation, to facilitate malware distribution, resulting in the deactivation of the protocol, reports The Record, a news site by cybersecurity firm Recorded Future.
Hundreds of cyberattacks per day spread the novel Rugmi malware loader in October and November, a significant increase from the single-digit daily detections of the trojan beforehand, The Hacker News reports.
Ukraine's Computer Emergency Response Team has noted that the country is being subjected to attacks by the Russian state-backed threat operation APT28, also known as Strontium or Fancy Bear, which is deploying the novel MASEPIE malware downloader, according to BleepingComputer.