Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG).
TAG discovered the in-the-wild exploit, and reported it to Microsoft last month. Redmond has patched the Windows-Office vulnerability, tracked as CVE-2023-24880, today in its monthly Patch Tuesday event.
It’s related to a similar Windows SmartScreen security feature bypass vulnerability, CVE-2022-44698, which Microsoft patched in December — but not before miscreants found it and used it to sling the same malware.
