Microsoft hardens App Installer security as malware abuse continues

siteadmin January 2, 2024

Microsoft has curtailed access to a feature in its App Installer that threat groups used to deliver malware to victims. The move comes after the company’s threat intelligence team observed several groups, such as FIN7, abusing the feature to distribute malware. The groups were seen using the ms-appinstaller protocol handler to bypass protective mechanisms such as Microsoft Defender SmartScreen and built-in browser warnings.