Internet Explorer is still causing trouble, even from the grave

Internet Explorer logo on laptop
(Image credit: Shutterstock / Monticello)

Despite the fact that the end of life date for Internet Explorer is fast approaching, the Magniber ransomware gang has begun exploiting two patched vulnerabilities in Microsoft's legacy browser to launch attacks on unsuspecting users.

According to a new report from Bleeping Computer, the group has begun exploiting Internet Explorer vulnerabilities using malvertising that push exploit kits to businesses operating in Asia. 

Magniber started in 2017 as the successor to another ransomware strain called Cerber and the group initially only targeted users in South Korea. In the time since though, the ransomware gang has expanded the scope of its operations to infect systems in China, Taiwan, Hong Kong, Singapore and Malyasia.

The Internet Explorer vulnerabilities being exploited in Magniber's latest round of cyberattacks are tracked as CVE-2021-26411 and CVE-2021-40444 and both vulnerabilities have a high CVSS score of 8.8. 

While the first vulnerability is a memory corruption flaw triggered by viewing a specially crafted website, it was patched by Microsoft back in March of this year. The second vulnerability enables remote code execution in Internet Explorer's rendering engine by opening a malicious document but it was also patched by the software giant back in September.

Shifting tactics

Magniber has long used vulnerabilities to breach systems and deploy its ransomware. Back in August, the group was observed exploiting PrintNightmare vulnerabilities to breach Windows servers and these flaws took Microsoft a bit more time to fix due to how they impacted users' ability to print documents.

A possible explanation for why Magniber has now shifted tactics to leverage vulnerabilities in Internet Explorer is because Microsoft has mostly fixed PrintNightmare vulnerabilities since they were heavily covered by the media which led admins to deploy the necessary patches and security updates. The Internet Explorer vulnerabilities now being used by the group are also easy to trigger as they only require a potential victim to open a file or webpage.

While most organizations and individuals have switched to using modern browsers like Google Chrome and Microsoft Edge, 1.15 percent of page views worldwide still come from Internet Explorer according to StatCoutner.

As the Magniber ransomware is still in active development and its payload has been completely rewritten three times, those concerned about falling victim to this latest round of attacks from the group should stop using Internet Explorer and switch to another browser that uses auto-updates ASAP.

Looking to further protect yourself online? Check out our roundups of the best endpoint protection softwarebest malware removal software and best ransomware protection

Via Bleeping Computer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
A digital representation of a lock
Security experts are being targeted with fake malware discoveries
data recovery
Ghost ransomware has hit firms in over 70 countries, FBI and CISA warn
Flag of the People's Republic of China overlaid with a technological network of wires and circuits.
One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
A pair of hands using a keyboard
Microsoft SharePoint hijacked to spread Havoc malware
Latest in Browsers
Woman using a Windows computer with Microsoft Edge
Don’t panic – Microsoft’s Edge browser isn’t about to subject you to a flood of unblocked adverts (not yet, anyway)
Google Chrome browser icon
A new split-screen feature is coming to Google Chrome, and it's surprisingly powerful
The Microsoft Edge logo on a black background displayed on a laptop screen.
Microsoft just gave Edge a great new feature to ensure the browser doesn’t slow down the PC, and it’s tempting me to switch from Google Chrome
Google Chrome with Christmas theme in Windows 11
I've used Edge, Firefox, and Opera, and yet after ten years in tech journalism, I still come back to Chrome
Woman using a Windows computer with Microsoft Edge
Microsoft gets rid of ‘Edge uninstall’ advice page after facing criticism over it having nothing to do with removing the app, and just promoting the browser instead
Microsoft Edge
Sorry, you're not getting Microsoft Edge off of your PC, at least according to its new 'uninstall' document
Latest in News
Panos Panay and Alexa Plus
Amazon's Panos Panay teases future Alexa+ devices from speakers to possible wearables
Metroid Prime 4
I reckon the Nintendo Switch 2 could launch with Metroid Prime 4 – here’s why
Samsung Galaxy Z Fold 6
New rumors predict a foldable iPhone will launch next year – and cost almost twice as much as the iPhone 16 Pro Max
Pebble smartwatch countdown
Pebble confirms its smartwatch announcement is just hours away
Logo of YouTube Shorts
Is YouTube auto-playing Shorts when you open the app? Well, you’re not alone - here’s how to fix it
Google DeepMind panel discussion
“More sovereignty and protection” - Google goes all-in on UK AI with data residency, upskilling projects, and startup investments