Tuesday, July 30, 2024

Watch out — that Microsoft OneDrive security warning could actually be a malware scam

Hackers are giving the old “phishing with errors” scam a modern twist in a bid to trick victims into downloading dangerous malware onto their PCs. 

Cybersecurity researchers from the Trellix Advanced Research Center have revealed how they recently observed a new campaign that targets Microsoft OneDrive users.

In the campaign, the victims get an email address with a .HTML file attached, typically named “Reports.pdf”, in an attempt to trick the victim into thinking it’s an important, work-related document. When the victims open it, they get a window that resembles Microsoft OneDrive, with an error message stating that the device could not connect, and that the error needs to be addressed manually.

Social engineering tactics

“Failed to connect to the 'OneDrive' cloud service. To fix the error, you need to update the DNS cache manually." The message reads. The window also features two buttons: “Details”, and “How to fix.” Clicking the “Details” button redirects the victims to a legitimate page on Microsoft Learn that discusses troubleshooting DNS problems.

The “how to fix” button, though, triggers a function call GD, with a .js script embedded in the .HTML file. It also loads secondary instructions that the victims must follow.

“This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems,” the researchers explain. “This combination of technical jargon and urgent error messages is a classic social engineering tactic, designed to manipulate the user's emotions and prompt hasty action without careful consideration.”

This “hasty action” includes bringing up the Windows PowerShell terminal and then pasting and executing a malicious command. The majority of the victims seem to be located in the US, South Korea, Germany, India, Ireland, Italy, Norway, and the UK.

Ever since the death of the macro, cybercriminals have been looking for working alternatives to sharing malware via email.

More from TechRadar Pro



from TechRadar - All the latest technology news https://ift.tt/AiLre9Z

No comments:

Post a Comment

This devious new malware is going after macOS users with a whole barrel of tricks

Security researchers from Group-IB discover unique new piece of malware It abuses extended attributes for macOS files to deploy the payl...