Magniber Ransomware Adopts JavaScript, Targeting Home Users with Fake Software Updates

Discussion in 'other security issues & news' started by Rasheed187, Oct 16, 2022.

  1. Rasheed187

    Rasheed187, Registered Member (Joined: Jul 10, 2004; Posts: 18,178; Location: The Netherlands)
    What is interesting about this attack is that it starts with JS files and eventually .NET executables are used to encrypt the files. It also tries to bypass UAC and uses code injection. So it's not a standard .exe file ransomware attack; I wouldn't be surprised if many AVs would fail to detect this. And many users might think that the JS files are harmless.

    https://threatresearch.ext.hp.com/m...geting-home-users-with-fake-software-updates/
     
  2. Rasheed187

    You know, I was reading this article again and I noticed that they mention it will likely bypass behavior blockers because it makes use of syscalls. I wonder what's up with that?

     