Microsoft disables ‘App Installer’ used by hackers to spread malware

siteadmin December 31, 2023

Microsoft has disabled its ms-appinstaller URI scheme (App Installer) following reports of its abuse by threat actors to distribute malware since mid-November 2023. The scheme can bypass security measures like Microsoft Defender SmartScreen, making it a popular vector for hackers. Cybercriminals were selling a service that misused this protocol handler and the MSIX file format, using ads for legitimate software and Microsoft Teams phishing to distribute damaging software.
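For defenders hunting for this delivery path, the following sketch (an added example, not from the original article) scans page, email or chat content for ms-appinstaller links and reports which host each one would fetch its package from. The `?source=` link form follows Microsoft's App Installer documentation; the allowlist host and the sample HTML are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Hypothetical allowlist: hosts your organisation really serves MSIX packages from.
TRUSTED_HOSTS = {"packages.corp.example"}

# URI schemes are case-insensitive; stop at whitespace, quotes or angle brackets.
URI_RE = re.compile(r"ms-appinstaller:[^\s\"'<>]+", re.IGNORECASE)


def find_appinstaller_links(text):
    """Return one finding per ms-appinstaller URI found in text."""
    findings = []
    # Undo HTML escaping (&amp; etc.) before matching attribute values.
    for raw in URI_RE.findall(html.unescape(text)):
        # Everything after the scheme is a query string: ?source=<package URL>
        query = raw.split(":", 1)[1].lstrip("/?")
        # parse_qsl also decodes percent-encoded package URLs.
        params = {k.lower(): v for k, v in parse_qsl(query)}
        source = params.get("source", "")
        host = (urlsplit(source).hostname or "").lower()
        findings.append({
            "uri": raw,
            "source": source,
            "host": host,
            "trusted": host in TRUSTED_HOSTS,
        })
    return findings


# Constructed sample input: one internal link, one percent-encoded external link.
SAMPLE = """
<a href="ms-appinstaller:?source=https://packages.corp.example/tools/agent.msix">Install agent</a>
<a href="MS-AppInstaller:?source=https%3A%2F%2Fdownload.software-updates.example%2Fteams.msix">Download</a>
<a href="https://www.example.org/help">Help</a>
"""

if __name__ == "__main__":
    for f in find_appinstaller_links(SAMPLE):
        status = "allowlisted" if f["trusted"] else "REVIEW"
        print(f"{status:12} {f['host']:40} {f['source']}")
```

Any hit outside the allowlist is worth reviewing, since the scheme is now disabled by default and legitimate sites have little reason to keep using it.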