Hackers are using fake Chrome, Word and OneDrive errors to trick people into installing malware


Proofpoint has observed an increase in a technique leveraging unique social engineering that directs users to copy and paste malicious PowerShell scripts to infect their computers with malware.

Threat actors including initial access broker TA571 and at least one fake update activity set are using this method to deliver malware including DarkGate, Matanbuchus, NetSupport, and various information stealers. Whether the initial campaign begins via malspam or delivered via web browser injects, the technique is similar. Users are shown a popup textbox that suggests an error occurred when trying to open the document or webpage, and instructions are provided to copy and paste a malicious script into the PowerShell terminal, or the Windows Run dialog box to eventually run the script via PowerShell.

Read more…
Source: Proofpoint


Sign up for our Newsletter


Related:

  • MediSecure reveals 12.9 million Australians had personal data stolen in cyber attack earlier this year

    July 18, 2024

    eScript provider MediSecure has revealed the personal data of 12.9 million Australians was stolen by hackers earlier this year, making it one of the largest cyber breaches in Australian history. MediSecure, which facilitates electronic prescriptions and dispensing, confirmed it was the victim of a large-scale data breach in May. The company had previously not disclosed how ...

  • HS2 investigating possible misconduct tied to ‘serious’ data breach

    July 18, 2024

    HS2 has launched a formal investigation into allegations of gross misconduct tied to a “serious” data breach earlier in the year, City A.M. understands. Sources allege the incident took place in late May. HS2 Ltd, the company sponsored by the Department for Transport (DfT) to oversee the project, subsequently began an investigation into a potential significant ...

  • Student who created malware worth £45k while living with parents is jailed

    July 17, 2024

    A university student who created malware targeting government websites while living with his parents has been jailed. Amar Tagore, 21, a third year university student, offered buyers malware (malicious software) to disrupt corporate and state-run websites, while living with his parents in Alexandria, West Dunbartonshire. He supplied a tool used by hundreds of online customers to ...

  • London council slammed for ‘severe’ data breach in ‘avoidable’ cyber attack

    July 17, 2024

    Britain’s data watchdog has lambasted London’s Hackney Council for a cyber attack that “severely” impacted residents, saying the breach was “a clear and avoidable error.” In October 2020, hackers infiltrated Hackney’s systems, accessing, encrypting, and in some instances exfiltrating personal data. The compromised information included residents’ names, addresses, racial or ethnic origins, religious beliefs, sexual orientations, ...

  • Disney faces potential data breach, hacker group claims massive leak

    July 15, 2024

    The Walt Disney Company is reeling from a suspected cyberattack by a hacktivist group calling itself NullBulge, exposing a significant amount of sensitive information. NullBulge announced its exploit on 12 July on both the cybercrime forum Breach Forums and X/Twitter. The group said it infiltrated Disney’s internal Slack communication platform, leaking 1.2 terabytes of data online. Read ...

  • Rite Aid confirms data breach following ransomware attack

    July 15, 2024

    American drugstore chain Rite Aid has confirmed that last month’s ransomware attack resulted in data theft. In a statement, the company said it was currently investigating the cyberattack, and is working on sending out data breach notifications to affected customers. “Rite Aid experienced a limited cybersecurity incident in June, and we are finalizing our investigation. We ...