There’s a new malware that can impersonate Google Chrome and Microsoft, with the power to steal money from Microsoft device owners.
Since March, Proofpoint, an online protection firm, flagged an ongoing campaign that sees “cybercriminal threat actors adopting new, varied, and increasingly creative attack chains.”
This month, the firm identified a larger distribution of the malware. It acts as fake updates in browsers such as Chrome and can mimic apps such as Microsoft Word.
This is to coerce users into downloading a harmful series of code.
This provides the attack with access to cryptocurrencies, as well as sensitive files and personal information.
Usually, a pretend update will pop up on Google Chrome, via a “compromised website.” It contains a clipboard message that says to “copy the code” provided.
Then the user will be instructed to open PowerShell, which is a Microsoft program for scripts and paste in the malware.
The hijacker then gains access to the victims’ cryptocurrency.
This attack will reroute the funds to the hijacker instead of the victim who is the right recipient.
Another method for this is via “email lure” which is similar to phishing.
Phishing is where emails and messages will be received claiming to be from reputable companies, where victims are coerced into providing personal information, such as passwords.
These emails usually contain a hypertext markup language file that resembles Microsoft Word, and have a range of error messages.
“Word Online’ extension is not installed,” is one example.
Users being prompted into opening PowerShell and copying over malicious code in this campaign appear to be widespread, according to Proofpoint.
“The campaign included over 100,000 messages and targeted thousands of organisations globally.”
Microsoft’s cloud storage OneDrive, has also been mimicked for nefarious reasons.
Proofpoint said, “The social engineering in the fake error messages is clever and purports to be an authoritative notification coming from the operating system. It also provides both the problem and a solution so that a viewer may take prompt action without pausing to consider the risk.”
The one good thing regarding this scam is that “this attack chain requires significant user interaction to be successful.”
Users have been urged to never download anything that appears to be unauthorized or suspicious.
Globally used programs such as Chrome and Word will never prompt users to manually input code into another application for basic functions.
