{"id":33654,"date":"2020-03-04T19:04:06","date_gmt":"2020-03-04T19:04:06","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/"},"modified":"2020-03-04T19:04:06","modified_gmt":"2020-03-04T19:04:06","slug":"download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/","title":{"rendered":"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops"},"content":{"rendered":"<p>If you saw a link to <code>mybrowser.microsoft.com<\/code>, would you have trusted it? Downloaded and installed an Edge update from it? How about <code>identityhelp.microsoft.com<\/code> to change your password?<\/p>\n<p>Well, you shouldn&#8217;t have, because the pair were among sub-domains hijacked by vulnerability researchers to prove Microsoft is lax with its own online security.<\/p>\n<p>In short, the Windows giant allowed hundreds of sub-domains \u2013 at least 670 \u2013 on its big-name microsoft.com, skype.com, visualstudio.com, and windows.com properties to potentially fall into the hands of miscreants who could have commandeered them for phishing and malware distribution.<\/p>\n<h3 class=\"crosshead\"><span>The caper<\/span><\/h3>\n<p>It basically would work like this, similar to <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2019\/01\/23\/office_365_network_hole\/\" rel=\"noopener noreferrer\">previous reports<\/a> of Microsoft web joy-riding: The tech goliath had loads of sub-domains, such as <code>dev.social.microsoft.com<\/code> and <code>web.visualstudio.com<\/code>, served by systems hosted in its Azure cloud. For example, <code>mybrowser.microsoft.com<\/code> might have resolved to something like <code>webserver9000.azurewebsites.net<\/code>. When you visited <code>mybrowser.microsoft.com<\/code>, your browser would have been directed, via DNS, to fetch a page from <code>webserver9000.azurewebsites.net<\/code>.<\/p>\n<p>Now, as we said, Microsoft has loads of these sub-domains, and after a while it just stops updating some of them and abandons them. Unfortunately, and crucially, it leaves the sub-domains&#8217; DNS records in place, so, for example, <code>mybrowser.microsoft.com<\/code> would still point to <code>webserver9000.azurewebsites.net<\/code> even though the server instance handling it was long since shut down.<\/p>\n<p>This is where the miscreants swoop in. They get an Azure account, and spin up a web server instance, and request the hostname <code>webserver9000<\/code>, or <code>webserver9000.azurewebsites.net<\/code> in its full form. Now, when people visit <code>mybrowser.microsoft.com<\/code>, they are directed instead to the criminals&#8217; <code>webserver9000.azurewebsites.net<\/code>, which offers victims downloads that look like browser updates but are actually ransomware or malware. Or pages that phish for their Office 365 username and password. You get the idea.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/09\/07\/office_365_photo_by_dennizn_via_shutterstock.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Office 365, photo by dennizn via Shutterstock\"><\/p>\n<h2 title=\"Dev fears sub-domain abuse \u2013 Plus, unofficial patches for trio of Windows zero-days\">White-listing Azure cloud connections to grease your Office 365 wheels? About that&#8230;<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2019\/01\/23\/office_365_network_hole\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>This security shortcoming, and nearly 700 example at-risk sub-domains, were privately reported to Microsoft by Numan Ozdemir and Ozan Agdepe of infosec outfit Vullnerability. To demonstrate the hostnames could be hijacked, they redirected ten of Microsoft&#8217;s sub-domains, including <code>mybrowser.microsoft.com<\/code> and <code>identityhelp.microsoft.com<\/code>, to their own pages hosted on Azure. It appears Microsoft has, in the past 24 hours or so, finally deactivated the sub-domains disclosed by Vullnerability.<\/p>\n<p>&#8220;An attacker can upload his own files, create his own databases, track traffic, and create a clone of the main website,&#8221; Ozdemir and Agdepe explained in an <a target=\"_blank\" rel=\"nofollow noopener noreferrer\" href=\"https:\/\/vullnerability.com\/blog\/microsoft-subdomain-account-takeover\">advisory<\/a> seen by <em>The Register<\/em> earlier this week ahead of its publication today. &#8220;So, it is not possible to detect whether a sub-domain has been hijacked by an attacker or is really managed by system authorities. Attackers threaten security by exploiting visitors&#8217; trust.&#8221;<\/p>\n<p>Ozdemir told <em>El Reg<\/em> a sub-domain takeover requires little in the way of technical skill, and, depending how long it takes to stumble upon a vulnerable sub-domain, it could take anywhere from five to 30 minutes to commandeer.<\/p>\n<p>Microsoft&#8217;s response is concerning. It has known about this danger for ages, yet persists with lax DNS management, and has refused to pay out bug bounties for the issue. Ozdemir and Agdepe argued Microsoft&#8217;s reward scheme included sub-domain security; Redmond disagreed with that interpretation.<\/p>\n<p>All Microsoft has to do is delete DNS entries for sub-domains when decommissioning their servers, or at least consider removing DNS entries for those sub-domains that no longer respond to HTTP requests.<\/p>\n<p>&#8220;We have detected more than 670 vulnerable sub-domains, and reported lots of vulnerable sub-domains,&#8221; said Ozdemir. &#8220;We will continue to report all vulnerable sub-domains &#8230; otherwise, nobody will report them to Microsoft. It&#8217;s a great reason why visitors should be careful while visiting Microsoft&#8217;s websites. If Microsoft doesn&#8217;t need us, we invite them to scan all their sub-domains and fix all of vulnerable sub-domains.<\/p>\n<p>&#8220;They can detect those vulnerabilities by comparing DNS records and HTTP responses, just as we did.&#8221;<\/p>\n<p>A spokesperson for Microsoft told <em>El Reg<\/em>: &#8220;We are aware of such reports and are taking appropriate action as needed to help protect Microsoft services and customers.&#8221; \u00ae<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1901\/-8266\/quit-your-addiction-to-storage?td=wptl1901\">Quit your addiction to storage<\/a><\/p>\n<p>READ MORE <a href=\"https:\/\/go.theregister.co.uk\/feed\/www.theregister.co.uk\/2020\/03\/04\/microsoft_subdomain_takeover\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lax DNS leaves door wide open for miscreants to impersonate Windows giant on its own websites If you saw a link to mybrowser.microsoft.com, would you have trusted it? Downloaded and installed an Edge update from it? How about identityhelp.microsoft.com to change your password?\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":33655,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-33654","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-04T19:04:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops\",\"datePublished\":\"2020-03-04T19:04:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/\"},\"wordCount\":667,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/\",\"name\":\"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg\",\"datePublished\":\"2020-03-04T19:04:06+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/03\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/","og_locale":"en_US","og_type":"article","og_title":"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-03-04T19:04:06+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops","datePublished":"2020-03-04T19:04:06+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/"},"wordCount":667,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/","url":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/","name":"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg","datePublished":"2020-03-04T19:04:06+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/03\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/download-this-update-from-mybrowser-microsoft-com-oh-sorry-that-was-malware-on-a-hijacked-sub-domain-oops\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Download this update from mybrowser.microsoft.com. Oh, sorry, that was malware on a hijacked sub-domain. Oops"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=33654"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/33654\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/33655"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=33654"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=33654"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=33654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}