Microsoft addresses App Installer abuse

Summary In recent months, Microsoft Threat Intelligence has observed threat actors leveraging social engineering and phishing techniques to target Windows OS users and utilizing the ms-appinstaller URI scheme. We have addressed and mitigated this malicious activity by turning off ms-appinstaller by default. Additionally, Microsoft has coordinated with Certificate Authorities to revoke the abused code signing certificates utilized by malware samples we have identified.

abuse addresses app app installer certificate certificate authorities code code signing coordinated default engineering installer intelligence malicious microsoft microsoft threat intelligence ms-appinstaller phishing phishing techniques signing social social engineering target techniques threat threat actors threat intelligence uri windows windows os