Malware attacks exploiting app installation protocol prompt deactivation

Several threat operations including Sangria Tempest or FIN7, Storm-0569, Storm-1674, and Storm-1113 have exploited Microsoft's "ms-appinstaller protocol" for expediting Windows app installation to facilitate malware distribution, resulting in the deactivation of the protocol, reports The Record, a news site by cybersecurity firm Recorded Future.

Article Link: Malware attacks exploiting app installation protocol prompt deactivation | SC Media