Magniber

Change in Magniber Ransomware Vulnerability (CVE-2021-40444)

Magniber is a fileless ransomware using an IE vulnerability and it is one of the ransomware that causes damage to numerous Korean users. It is difficult to prevent infection if not detected and blocked in advance during the vulnerability occurrence phase, which makes it difficult for anti-malware programs to detect it. Magniber ransomware had been distributed since March 15th, 2021 using CVE-2021-26411 vulnerability up to recently, but on September 16th, it was discovered that it changed to CVE-2021-40444 vulnerability. This…

Detection of JavaScript Vulnerability (CVE-2021-26411) via V3 Behavior Detection (Magniber)

Attackers are using the CVE-2021-26411 JavaScript vulnerability to actively distribute fileless Magniber ransomware via IE browser. Its internal code flow is changing rapidly, and there are still numerous damage reports that involve Magniber ransomware in Korea. As it is being distributed via an IE vulnerability (CVE-2021-26411), it is absolutely crucial for IE users to apply the security patch. Currently, V3 products can detect and block the latest Magniber ransomware using the ‘Behavior Detection’ feature. Figure 1 shows the infection process of…