Google’s security team, Threat Analysis Group, has found a security vulnerability in Microsoft’s SmartScreen that allows attackers to distribute Magniber ransomware, the company said in a newly released blog post.
Microsoft has released a cumulative update for Win10 and Win11 systems that fixes these vulnerabilities during today’s Patch Tuesday event day in March.
Regarding the vulnerability, the Google blog post as follows.
"An attacker signed and distributed an MSI file using an invalid but specially crafted Authenticode signature. This incorrectly formatted signature causes SmartScreen to return an error that can lead to bypassing the security warning dialog displayed to the user after accessing an untrusted file containing a network token (MotW), which indicates that a potentially malicious file has been downloaded from the Internet."
According to the blog post, Google’s threat analysis team found more than 100,000 downloads of these MSI files since January 2023, the vast majority of which occurred in Europe. Google added that the Safe Browsing feature in Chrome has successfully detected more than 90 percent of these malicious files.
