Cyber experts have warned that new advanced malware disguised as Google Chrome and Microsoft could steal money from Microsoft device owners.
Since March, online protection company Proofpoint has been warning of ongoing malicious campaigns in which “cybercriminal threat actors are employing new, diverse and increasingly creative attack chains.”
This month, Proofpoint Large-scale malware presence confirmedThe malware poses as fake updates for internet browsers like Chrome and mimics programs like Microsoft Word to force users into downloading a string of harmful code.
From there, a delayed Trojan-like attack could give them access to cryptocurrency and other sensitive files and personal information.
The fake update prompt often pops up in Google Chrome through a “compromised website” with a clipboard message to “copy code” and then instructs the personal computer (PC) owner to open PowerShell, a Microsoft program for scripting, and paste the malware themselves.
From there, the “hijackers” can exploit their victims using cryptocurrency.
Specifically, they redirect the victim’s funds to the perpetrator instead of to the legitimate recipient.
Another method is “email lure,” a tactic similar to phishing.
The emails, usually appearing to be work or corporate related, contain a HyperText Markup Language (HTML) file similar to Microsoft Word and display a variety of error messages.
I was greeted with the message “Word Online extensions are not installed” and a bogus button to click to “fix” it.
Similarly, Proofpoint said the widespread attack asked users to open PowerShell and copy malicious code.
“The campaign included more than 100,000 messages and targeted thousands of organizations around the world.”
Microsoft’s cloud storage, OneDrive, was also misrepresented in a similar way.
“The fake error message uses sophisticated social engineering to appear as a legitimate notification from the operating system,” Proofpoint noted.
“By presenting both the problem and the solution, viewers are empowered to take action quickly without having to consider the risks.”
However, there is a silver lining in that this attack chain requires significant user interaction to succeed.
In short, act wisely and never download anything unauthorized or suspicious.
Widely used browsers and programs like Chrome and Word would never ask a user to manually enter a code into another application for basic functionality.
