Watch out, that Microsoft Edge update is actually ransomware

As security experts often stress the importance of keeping your software up to date, cybercriminals have now begun targeting Microsoft Edge users with fake browser updates.

Fake software updates have been a go-to tactic for cybercriminals to get users to download malware for years now. With a convincingly branded message that carries the right mixture of implied threat and urgency, they can easily trick unsuspecting users.

While Flash updates were a longtime fixture of web-based malware campaigns, Adobe killed off the popular software more than a year ago, which is why cybercriminals are now targeting browsers instead. One reason is that browsers like Google Chrome and Microsoft Edge are updated so frequently that many users put off installing updates when they become available.

According to a new blog post from Malwarebytes, the cybersecurity firm's threat intelligence team recently worked with nao_sec researchers to investigate a newly discovered update to the Magnitude exploit kit that was tricking users into installing a fake Microsoft Edge browser update.

Magniber ransomware

The Magnitude exploit kit uses a wide range of social engineering lures and exploits to attack users and install ransomware on their systems. Although it has been used to target users around the world with different ransomware strains in the past, these days it is primarily used to install the Magniber ransomware on targets in South Korea.

The attack campaign investigated by Malwarebytes begins with a user visiting an ad-heavy website, where they encounter a malicious ad that redirects them to a “gate” known as Magnigate. This gate checks their IP address and browser to determine whether the user should be attacked. If they fit the correct criteria, the user is then redirected again to the Magnitude exploit kit landing page.

From here, they are prompted to download an update for Microsoft Edge, which is actually a malicious Windows Application package (.appx) file. This file then downloads the Magniber ransomware, which encrypts their files and demands a ransom.

To avoid falling victim to this attack and others like it, users should invest in ransomware protection and be aware that Edge updates automatically when you restart it.

Anthony Spadafora
