‘Financially Motivated Threat Actors’ Distributing Malware via App Installer

Microsoft has warned that cyber attackers are exploiting App Installer (ms-appinstaller URI scheme) to distribute malware that could lead to ransomware distribution. Threat actors are also using Microsoft Teams to deliver fake landing pages that mimic legitimate Microsoft services. Microsoft has disabled the protocol handler in a bid to curb the abuse, and is advising Teams users to verify external communication attempts, exercise caution with sharing, and not to share account information.