Watch out, that Microsoft Edge update is actually ransomware


As security experts often stress the importance of keeping your software up to date, cybercriminals have now begun targeting Microsoft Edge users with fake browser updates.

Fake software updates have been a go-to tactic for cybercriminals looking to get users to download malware for years now. With a convincingly branded message that carries the right mixture of implied threat and urgency, they can easily trick unsuspecting users.

While Flash updates were a longtime fixture of web-based malware campaigns, Adobe killed off the popular software more than a year ago, which is why cybercriminals are now targeting browsers instead. One reason for this is that browsers like Google Chrome and Microsoft Edge are updated so frequently that many users put off installing updates when they become available.

According to a new blog post from Malwarebytes, the cybersecurity firm's threat intelligence team recently worked with nao_sec researchers to investigate a newly discovered update to the Magnitude exploit kit that was tricking users into installing a fake Microsoft Edge browser update.

Magniber ransomware

The Magnitude exploit kit uses a wide range of social engineering lures and exploits to attack users and install ransomware on their systems. Although it has been used to target users around the world with different ransomware strains in the past, these days it is primarily used to install the Magniber ransomware on targets in South Korea.

The attack campaign investigated by Malwarebytes begins with a user visiting an ad-heavy website where they encounter a malicious ad which redirects them to a “gate” known as Magnigate. This gate checks their IP address and browser to determine if the user should be attacked. If they fit the correct criteria, the user is then redirected again to the Magnitude exploit kit landing page.

From here, they are prompted to download an update for Microsoft Edge which is actually a malicious Windows Application package (.appx) file. This file then downloads the Magniber ransomware, encrypts their files and demands a ransom.

To prevent falling victim to this attack and others like it, users should invest in ransomware protection and be aware of the fact that Edge updates automatically when you restart it.
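
A defender-side check for the delivery step described above, as an added example that is not from Malwarebytes or the original article: since Edge updates itself, a Windows app package fetched from an arbitrary website is worth flagging, and this script scans web-proxy log lines for such downloads from hosts outside an allowlist. The log format, the sample lines, the extra extensions beyond .appx and the allowlist are all constructed assumptions.

```python
# Added example: flag app-package downloads served from outside an allowlist.
from urllib.parse import urlsplit, unquote

# The article names .appx; the other extensions are assumed related formats.
PACKAGE_EXTS = (".appx", ".appxbundle", ".msix", ".msixbundle")

# Assumed allowlist of trusted delivery domains; tune for your environment.
TRUSTED_SUFFIXES = ("microsoft.com", "windowsupdate.com")

# Constructed sample proxy log: "<time> <client> <method> <url> <status>"
SAMPLE_LOG = """\
2021-01-01T10:00:01Z 10.0.0.5 GET https://ads.example.net/banner.js 200
2021-01-01T10:00:03Z 10.0.0.5 GET http://landing.example.org/dl/edge_update.APPX?id=7 200
2021-01-01T10:00:09Z 10.0.0.8 GET https://download.microsoft.com/pkg/tool.msix 200
2021-01-01T10:00:12Z 10.0.0.9 GET https://microsoft.com.cdn.example.org/Edge%2Eappx 200
2021-01-01T10:00:15Z 10.0.0.9 GET https://landing.example.org/notes/appx-guide.html 200
malformed line
"""

def is_trusted(host):
    """Match on a label boundary so 'microsoft.com.cdn.example.org' fails."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def is_package(url_path):
    """Decode percent-escapes and ignore case before checking the extension."""
    return unquote(url_path).lower().endswith(PACKAGE_EXTS)

def find_suspicious(log_text):
    """Return (time, client, host, path) for package downloads off-allowlist."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not fit the assumed format
        ts, client, _method, url, status = parts
        u = urlsplit(url)
        if not u.hostname:
            continue
        if status == "200" and is_package(u.path) and not is_trusted(u.hostname):
            hits.append((ts, client, u.hostname, unquote(u.path)))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(*hit)
```
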


Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 
