Watch out, that Microsoft Edge update is actually ransomware


As security experts often stress the importance of keeping your software up to date, cybercriminals have now begun targeting Microsoft Edge users with fake browser updates.

Fake software updates have been a go-to tactic for getting users to download malware for years now. A convincingly branded message that carries the right mixture of implied threat and urgency can easily trick unsuspecting users.

While Flash updates were a longtime fixture of web-based malware campaigns, Adobe killed off the popular software more than a year ago, which is why cybercriminals are now targeting browsers instead. One reason is that browsers like Google Chrome and Microsoft Edge are updated so frequently that many users put off installing updates when they become available.

According to a new blog post from Malwarebytes, the cybersecurity firm's threat intelligence team recently worked with nao_sec researchers to investigate a newly discovered update to the Magnitude exploit kit that was tricking users into installing a fake Microsoft Edge browser update.

Magniber ransomware

The Magnitude exploit kit uses a wide range of social engineering lures and exploits to attack users and install ransomware on their systems. Although it has been used to target users around the world with different ransomware strains in the past, these days it is primarily used to install the Magniber ransomware on targets in South Korea.

The attack campaign investigated by Malwarebytes begins with a user visiting an ad-heavy website, where they encounter a malicious ad that redirects them to a “gate” known as Magnigate. This gate checks their IP address and browser to determine whether the user should be attacked. If they fit the criteria, the user is redirected again to the Magnitude exploit kit landing page.

From here, they are prompted to download an update for Microsoft Edge which is actually a malicious Windows Application package (.appx) file. This file then downloads the Magniber ransomware, encrypts their files and demands a ransom.
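For defenders, the chain described above (ad, gate, landing page, then an .appx download) leaves a trail in web-proxy logs. The sketch below is an added example, not code from Malwarebytes or the original article: it flags Windows app-package downloads from unexpected hosts and rebuilds the redirect path from Referer headers. The log format, the hostnames and the trusted-host list are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample proxy log (not from the article): time, client, URL, referer
SAMPLE_LOG = """\
10:00:01 10.0.0.5 http://news.example/story -
10:00:02 10.0.0.5 http://ads.example/banner?id=7 http://news.example/story
10:00:03 10.0.0.5 http://gate.example/check http://ads.example/banner?id=7
10:00:04 10.0.0.5 http://landing.example/update http://gate.example/check
10:00:09 10.0.0.5 http://landing.example/files/edge_update.appx http://landing.example/update
10:02:00 10.0.0.8 https://pkgs.corp.example/tools/tool.msix -
"""

PACKAGE_EXTS = (".appx", ".appxbundle", ".msix", ".msixbundle")
# Assumption: hypothetical internal host you expect packages from; tune locally.
TRUSTED_SUFFIXES = ("pkgs.corp.example",)

def parse(log):
    for line in log.splitlines():
        ts, client, url, referer = line.split()
        yield {"ts": ts, "client": client, "url": url,
               "referer": None if referer == "-" else referer}

def is_trusted(host):
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def referer_chain(event, seen):
    """Walk Referer headers backwards for one client to rebuild the redirect path."""
    chain, current = [event["url"]], event["referer"]
    while current and current not in chain:  # stop on missing referer or a loop
        chain.append(current)
        current = seen.get((event["client"], current))
    return list(reversed(chain))

def find_package_downloads(log):
    seen, alerts = {}, []
    for ev in parse(log):
        seen[(ev["client"], ev["url"])] = ev["referer"]
        parts = urlsplit(ev["url"])
        if parts.path.lower().endswith(PACKAGE_EXTS) and not is_trusted(parts.hostname or ""):
            alerts.append({"client": ev["client"], "ts": ev["ts"],
                           "file": parts.path.rsplit("/", 1)[-1],
                           "chain": referer_chain(ev, seen)})
    return alerts

if __name__ == "__main__":
    for a in find_package_downloads(SAMPLE_LOG):
        print(a["ts"], a["client"], a["file"], " -> ".join(a["chain"]))
```

An alert whose chain starts at an ad host and ends in a package file named like a browser update is worth triaging, since Edge does not deliver its updates as downloads from web pages.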

To prevent falling victim to this attack and others like it, users should invest in ransomware protection and be aware of the fact that Edge updates automatically when you restart it.


Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
