Change in Magniber Ransomware (*.msi → *.cpl) – July 20th

Since February 2022, Magniber has been distributed through a Windows installer package file (.msi) instead of through an Internet Explorer browser vulnerability. The ransomware included a valid certificate and was distributed as a DLL inside the MSI file. However, starting from July 20th (Wednesday), it is being distributed with a CPL file extension instead of MSI. As the cases of using an MSI file for distribution are decreasing, the attacker behind Magniber has likely changed the method of distribution. (July …