Microsoft Edge users beware: this fake Edge update downloads malware onto your PC

Microsoft markets their Microsoft Edge browser as ‘the fast and secure browser’ that can help users protect their data as well as save time and money too. However, it might not be as secure as Redmond believes it to be, at least according to Malwarebytes Labs, the company behind the popular antivirus software.

According to Malwarebytes Labs, they recently found a new ransomware doing the rounds online that was specifically targeting Microsoft Edge users. It’s actually quite simple too; to gain access into your system, it simply pretends to be a Microsoft Edge browser update. The specific ransomware, dubbed Magniber, seems to be mostly isolated to South Korean users. It starts off whenever a user visits a page or website that’s typically riddled with ads and spam. If one of those ads was a malicious ad, it will redirect them to a ‘gate’ known as Magnigate, which then checks your browser and IP address to assert if the user was worth attacking.

If you fit the hackers’ criteria, it’ll then redirect you to the Magnitude exploit landing page. The ransomware then dupes itself as a Microsoft Edge update, stating that in order to view the page, you need to click update on a pop up and update your browser. Doing so however downloads a malicious Windows Application package file with the extension .appx. This file then proceeds to download the rest of the Magniber ransomware, which encrypts your computer’s files. The ransomware then says you’ll need to pay to download its ‘special decrypting software’ in order to retrieve your files.

Malwarebytes does note that this type of ransomware has been around ever since the Internet Explorer days, where it would make use of the vulnerable Adobe Flash plugin to target users. It was also seen trying to manipulate a vulnerability in the Chrome family of browsers, which makes sense as Chrome is pretty much the most used browser by a mile.

They also add that the best way to ensure you’re downloading a legitimate browser update is to first check your browser version. For Edge users, this means to head to the Settings page on the browser and select About Microsoft Edge. It’ll then check your browser for updates, and will tell you if it’s up to date or not.

[ SOURCE ]