Microsoft shuts down App Installer due to malware exploitation.

January 1, 2024
1 min read

Microsoft has disabled the App Installer feature in order to protect users from malicious exploitation. The ms-appinstaller URI scheme, which allows users to download and install apps directly from websites, is being abused by threat actors for malware distribution. The feature has been disabled by default in order to prevent cybercriminals from using social engineering and phishing techniques to trick users into downloading malicious apps. The ms-appinstaller URI scheme is being used as an access vector for malware, potentially leading to ransomware distribution. Cybercriminals are selling a malware kit that exploits the MSIX file format and handler. They distribute signed malicious packages through websites and malicious advertisements. Microsoft has released a security update that disables the ms-appinstaller URI scheme handler in App Installer build 1.21.3421.0. Users are advised not to download or install apps from unknown websites and to implement phishing-resistant authentication methods.

Latest from Blog

Top CISA official looks back on four years of cyber work

TLDR: Eric Goldstein, a top official at CISA, reflects on progress made in cybersecurity during his tenure. Key achievements include understanding cyber risks, collaboration with industry, and encouraging secure product development. Eric

Juggling AI cybersecurity highs and lows

TLDR: At the 2024 MIT Sloan CIO Symposium, industry leaders discussed the challenge of balancing AI’s benefits with its security risks, particularly focusing on generative AI. While generative AI can bring benefits

Get your free Cyber Security eBook now Valued at $169

“`html TLDR: Key Points: Claim your complimentary eBook worth $169 for free before May 22. The eBook covers practical applications of cyber security and network security for professionals, engineers, scientists, and students.