What you need to know
- Windows 10's App installer process has become a target for threat actors.
- The process is being used as a means to disseminate malware payloads.
- As usual, the whole scam starts with a sketchy email and the targeted user clicking links they shouldn't.
Scammers and threat actors attempting to cause trouble are nothing new in the world of computing, especially not in the Windows sector. So when we tell you there's a dangerous Windows 10 swindle being called out, don't be surprised.
The new scam's been flagged by SophosLabs, which discovered the danger because it knocked directly on SophosLabs' door (via ZDNet). Weird emails arrived at Sophos inboxes, using the usual blend of poorly composed, threatening speech and a request to click something sketchy.
If you click what the email tells you to click, you're brought to a webpage where you'll be prompted to preview a seemingly harmless PDF. Of course, that "PDF preview" is anything but harmless: it sends you to a link starting with the ms-appinstaller: prefix, which summons Windows 10's AppInstaller.exe tool, kickstarting a download-and-run process that'll put you in a bad place very quickly. From there, you'll have to deal with the dangers of the BazarBackdoor malware, including data and credential theft.
The novel part of this whole situation is the abuse of the Windows 10 App installer process. The other elements, and the broad strokes of the overall attack, are old hat to anyone who's been around PCs. You know the rules: Sketchy emails? Ignore. Dodgy links? Don't click. Do these two things and you'll already have outwitted 99% of scammers out there. It doesn't matter what iteration of Windows you're on, either. You could be rocking Windows XP or Windows 11, and at the end of the day, if you don't fall for the initial steps, you'll be safe.
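For anyone filtering mail or web traffic, here is one way to spot the ms-appinstaller: links described above in an email body or landing page. This is an added example, not code from SophosLabs or the article; the `?source=` parameter form comes from Microsoft's documentation of the scheme rather than from this page, and the hostnames, sample page and allowlist are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

SCHEME = "ms-appinstaller:"
# Match the scheme anywhere: href attributes, script redirects, plain text.
LINK_RE = re.compile(r"ms-appinstaller:[^\s\"'<>]+", re.IGNORECASE)

# Hypothetical allowlist: hosts your organisation really ships app packages from.
TRUSTED_HOSTS = {"apps.corp.example"}

def find_appinstaller_links(text):
    """Return one finding per distinct ms-appinstaller: link in the text."""
    findings, seen = [], set()
    for link in LINK_RE.findall(html.unescape(text)):
        if link in seen:
            continue
        seen.add(link)
        # The package location is carried as ?source=<URL> after the scheme.
        query = link[len(SCHEME):].lstrip("?")
        source = parse_qs(query).get("source", [""])[0]
        try:
            host = (urlsplit(source).hostname or "").lower()
        except ValueError:  # malformed URL: report it with an empty host
            host = ""
        findings.append({"link": link, "source": source, "host": host,
                         "trusted": host in TRUSTED_HOSTS})
    return findings

# Constructed sample: a fake "PDF preview" page plus one legitimate internal link.
SAMPLE_PAGE = """
<p>Your complaint report is ready.</p>
<a href="ms-appinstaller:?source=https://files.example.invalid/docs/report.appinstaller">Preview PDF</a>
<a href="https://www.example.com/help">Help</a>
<script>var next = 'MS-AppInstaller:?source=https://cdn.example.invalid/x.appinstaller';</script>
<a href="ms-appinstaller:?source=https://apps.corp.example/tools/vpn.appinstaller">Install VPN</a>
"""

if __name__ == "__main__":
    for f in find_appinstaller_links(SAMPLE_PAGE):
        verdict = "allowed" if f["trusted"] else "ALERT"
        print(f"{verdict}: package from {f['host'] or '<unknown>'} via {f['link']}")
```

Any finding whose host is not on the allowlist is worth quarantining or blocking before a user reaches the "preview" button.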