Microsoft has disabled the ms-appinstaller protocol handler because hackers were abusing it to install malware. The handler can be used to bypass security measures, and threat actors use it to distribute ransomware. Their tactics include spoofing legitimate applications and tricking users into installing malicious packages. Financially motivated threat actors, including Storm-0569, Storm-1113, Sangria Tempest, and Storm-1674, have been identified as using App Installer as an entry point for their activities. Recommendations include implementing phishing-resistant user authentication techniques and educating users about external communication attempts. #Microsoft #malware #ransomware #cybersecurity #hackers
https://cybersecuritynews.com/microsoft-disabled-app-installe/