Google has announced that its Threat Analysis Group found a flaw in Microsoft's SmartScreen security feature that allowed hackers to distribute the Magniber ransomware. The good news is that Google informed Microsoft of this issue on February 15, and the better news is Microsoft fixed this flaw today as part of the Patch Tuesday updates for Windows 11 and Windows 10.
The attackers are delivering MSI files signed with an invalid but specially crafted Authenticode signature. The malformed signature causes SmartScreen to return an error that results in bypassing the security warning dialog displayed to users when an untrusted file contains a Mark-of-the-Web (MotW), which indicates a potentially malicious file has been downloaded from the internet.
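A defender-side triage for the condition described above, as an added example that is not taken from Google's or Microsoft's write-ups: it lists MSI files that carry a Mark-of-the-Web from the Internet or Restricted zone and whose Authenticode signature does not verify as `Valid`. The default search path (the user's Downloads folder) and the helper name `Get-MotwZoneId` are assumptions; a hit is a file to examine, not proof of Magniber.

```powershell
# Added example: triage MSI files that carry a Mark-of-the-Web (MotW) and
# whose Authenticode signature does not verify. Search root is an assumption.
param(
    [string]$Root = (Join-Path $env:USERPROFILE 'Downloads')
)

# Hypothetical helper: return the ZoneId recorded in the file's MotW, or $null.
function Get-MotwZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # MotW lives in the NTFS alternate data stream named "Zone.Identifier".
    $lines = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $lines) { return $null }   # no stream: file has no MotW
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') { return [int]$Matches[1] }
    }
    return $null
}

$msiFiles = Get-ChildItem -LiteralPath $Root -Filter '*.msi' -File -Recurse -ErrorAction SilentlyContinue

$findings = foreach ($file in $msiFiles) {
    $zone = Get-MotwZoneId -Path $file.FullName
    # ZoneId 3 = Internet, 4 = Restricted sites; skip local/intranet/trusted.
    if ($null -eq $zone -or $zone -lt 3) { continue }

    # Any status other than Valid (NotSigned, HashMismatch, UnknownError, ...)
    # on an internet-sourced installer is worth a closer look.
    $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
    if ($sig.Status -eq 'Valid') { continue }

    [pscustomobject]@{
        Path          = $file.FullName
        ZoneId        = $zone
        SigStatus     = $sig.Status
        StatusMessage = $sig.StatusMessage
        Signer        = $sig.SignerCertificate.Subject   # $null when unsigned
        SHA256        = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
}

$findings | Sort-Object Path | Format-List
```

The Zone.Identifier stream only exists on NTFS volumes, so files copied through FAT-formatted media or extracted by tools that do not propagate MotW will not appear in the results.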
Google's blog post stated that the Threat Analysis Group had found over 100,000 downloads of these MSI files since January 2023, with the vast majority found in Europe. It added that Google's own Safe Browsing security feature in Chrome detected over 90 percent of these malicious files.
For its part, Microsoft labeled this security issue as "Moderate" when it listed this patch as CVE-2023-24880 in its own update earlier today.