Magniber ransomware using signed APPX files to infect systems
2022-01-12 17:53

The Magniber ransomware has been spotted using Windows application package files signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates.

APPX files are Windows application package files created for streamlined distribution and installation, and have been abused by various threats in the past for malware distribution.

In the case of Magniber ransomware, the disguised APPX file is digitally signed with a valid certificate, so Windows sees it as a trusted file that does not trigger a warning.

Accepting the malicious APPX file results in the creation of two files in the "C:\Program Files\WindowsApps" directory, namely the 'wjoiyyxzllm.

These files execute a function that fetches the Magniber ransomware payload, decodes it, and then executes it.

Unlike most ransomware operations, Magniber did not adopt the double extortion tactic, so it does not steal files before encrypting the systems.


News URL

https://www.bleepingcomputer.com/news/security/magniber-ransomware-using-signed-appx-files-to-infect-systems/