Magniber ransomware actors used a variant of Microsoft SmartScreen bypass
ID: cc1377f6-4f42-55ae-9672-c47dd1d21200
STIX ID: report--cc1377f6-4f42-55ae-9672-c47dd1d21200
Feed Name: Google's Threat Analysis Group (TAG)
The report outlines September–November 2022 Magniber ransomware activity that used malformed Authenticode signatures to bypass SmartScreen warnings (an issue later tracked as CVE-2022-44698). Initial deployment was via JScript; the actors switched to MSI installers in the current campaign. Other actors (notably Qakbot operators) later reused the same bypass. Microsoft released a patch in December 2022.
