Microsoft shuts down App Installer due to malware exploitation.

January 1, 2024
Microsoft has disabled the ms-appinstaller URI scheme handler in App Installer by default to protect users from malicious exploitation. The scheme, which lets users download and install apps directly from websites, is being abused by threat actors as an access vector for malware distribution, potentially leading to ransomware. Disabling it by default is meant to stop cybercriminals from using social engineering and phishing to trick users into installing malicious apps.

Cybercriminals are selling a malware kit that exploits the MSIX file format and the ms-appinstaller handler, and they distribute signed malicious packages through websites and malicious advertisements. Microsoft has released a security update that disables the ms-appinstaller URI scheme handler in App Installer build 1.21.3421.0. Users are advised not to download or install apps from unknown websites and to implement phishing-resistant authentication methods.
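For defenders who want to see where this vector shows up in web or mail content, the following added example (not from Microsoft or the original post) scans HTML or message text for ms-appinstaller links and reports the host each one would fetch a package from. It assumes the `ms-appinstaller:?source=<URL>` link form; the allow-list, function names and sample hosts are hypothetical and constructed for illustration.

```python
import re
from html import unescape
from urllib.parse import parse_qs, urlsplit

# Assumption: hosts your organisation approves for package delivery (hypothetical).
ALLOWED_HOSTS = {"packages.corp.example"}

# Matches the scheme case-insensitively, up to whitespace or an attribute delimiter.
URI_RE = re.compile(r"ms-appinstaller:[^\s\"'<>]+", re.IGNORECASE)


def find_appinstaller_links(text):
    """Return one finding per ms-appinstaller URI in HTML or mail text."""
    findings = []
    for raw in URI_RE.findall(unescape(text)):
        query = raw.split("?", 1)[1] if "?" in raw else ""
        # Parameter names are compared in lower case; parse_qs also
        # percent-decodes the value, so encoded source URLs are handled.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        source = params.get("source", [""])[0]
        host = (urlsplit(source).hostname or "").lower()
        findings.append({
            "uri": raw,
            "source": source,
            "host": host,
            "allowed": host in ALLOWED_HOSTS,
        })
    return findings


def unapproved_links(text):
    """Findings whose package host is missing or not on the allow-list."""
    return [f for f in find_appinstaller_links(text) if not f["allowed"]]


# Constructed sample input, not taken from any real page or campaign.
SAMPLE = """
<a href="ms-appinstaller:?source=https://downloads.example.net/viewer.msix">Install</a>
<a href="MS-AppInstaller:?source=https%3A%2F%2Fpackages.corp.example%2Fvpn.appinstaller">VPN</a>
<a href="https://example.org/readme.html">Docs</a>
"""

if __name__ == "__main__":
    for finding in find_appinstaller_links(SAMPLE):
        status = "allowed" if finding["allowed"] else "REVIEW"
        print(f'{status:8} {finding["host"]:28} {finding["source"]}')
```
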
