Cyber experts have warned that new advanced malware disguised as Google Chrome and Microsoft software could steal money from owners of Microsoft devices.
Since March, online protection company Proofpoint has been warning of ongoing malicious campaigns, saying “cybercriminal threat actors are employing new, diverse and increasingly creative attack chains.”
This month, Proofpoint identified a larger malware distribution. The malware poses as fake updates for internet browsers like Chrome and mimics programs like Microsoft Word to trick users into downloading a malicious string of code.
From there, a delayed Trojan-like attack can give access to cryptocurrency, sensitive files, and personal information.
Fake update prompts often pop up in Google Chrome via “compromised websites” and display a clipboard message to “copy code,” then instruct the computer owner to open PowerShell (a Microsoft program for scripting) and paste the malware themselves.
From there, the “hijacker” can gain access to the victim’s cryptocurrency.
Specifically, this ploy redirects the victim’s funds to the perpetrator instead of to the legitimate recipient.
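The “copy code, open PowerShell, paste” chain described above leaves a recognisable trace on the endpoint: a PowerShell process started interactively by the user (parent process explorer.exe) with a command line carrying the switches that such pasted one-liners typically use. The heuristic below is an added example written for this article, not Proofpoint’s code or a vendor detection; it runs over a few constructed process-creation records shaped loosely like Sysmon Event ID 1 fields (Image, ParentImage, CommandLine), and the indicator weights and threshold are assumptions chosen for illustration.

```python
"""Heuristic detector for "paste this into PowerShell" executions.

Added example (not Proofpoint's code). Records, field names, weights and
the alert threshold are constructed assumptions for illustration only.
"""
import re
from typing import Dict, List, Tuple

# Indicator name -> (pattern searched in CommandLine, weight).
# Weights are an assumption for this example, not a vendor threshold.
COMMAND_LINE_INDICATORS: Dict[str, Tuple[re.Pattern, int]] = {
    "hidden_window": (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    "execution_policy_bypass": (re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I), 1),
    "encoded_command": (re.compile(r"-(?:e|ec|enc|encodedcommand)\b", re.I), 2),
    "invoke_expression": (re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    "download_cradle": (
        re.compile(r"\b(?:downloadstring|downloadfile|invoke-webrequest|iwr|invoke-restmethod|irm)\b", re.I),
        2,
    ),
}
# A user pasting into a PowerShell window they opened themselves gives
# explorer.exe as the parent (Start menu / Run dialog), unlike scheduled
# or service-launched scripts.
PARENT_EXPLORER_WEIGHT = 1
ALERT_THRESHOLD = 4  # assumption: tune against your own baseline
POWERSHELL_IMAGES = ("powershell.exe", "pwsh.exe")

# Constructed sample records (not real telemetry). The base64 in event 1
# is a placeholder, not a decodable payload.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {
        "EventId": 1,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe -w hidden -ep bypass -enc BASE64_PLACEHOLDER",
    },
    {
        "EventId": 2,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "powershell.exe",  # user simply opened a console
    },
    {
        "EventId": 3,
        "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "ParentImage": r"C:\Windows\System32\svchost.exe",
        "CommandLine": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1",
    },
]


def score_event(event: Dict[str, str]) -> Tuple[int, List[str]]:
    """Return (score, matched indicator names) for one process-creation record."""
    image = str(event.get("Image", "")).lower()
    if not image.endswith(POWERSHELL_IMAGES):
        return 0, []  # only PowerShell launches are scored here
    score = 0
    hits: List[str] = []
    if str(event.get("ParentImage", "")).lower().endswith("explorer.exe"):
        score += PARENT_EXPLORER_WEIGHT
        hits.append("launched_from_explorer")
    command_line = str(event.get("CommandLine", ""))
    for name, (pattern, weight) in COMMAND_LINE_INDICATORS.items():
        if pattern.search(command_line):
            score += weight
            hits.append(name)
    return score, hits


def find_suspicious(events: List[Dict[str, str]], threshold: int = ALERT_THRESHOLD) -> List[Dict]:
    """Return the records whose combined indicator score reaches the threshold."""
    findings = []
    for event in events:
        score, hits = score_event(event)
        if score >= threshold:
            findings.append({"EventId": event.get("EventId"), "Score": score, "Indicators": hits})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_EVENTS):
        print(finding)
```

Only event 1 crosses the threshold: an interactive launch combined with a hidden window, a policy bypass and an encoded command. Event 2 (a user opening a plain console) and event 3 (a service-launched maintenance script with a single weak indicator) stay below it, which is the point of scoring several weak signals together rather than alerting on any one switch.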
Another method is “email lure,” a tactic similar to phishing.
The emails, usually made to look work or corporate related, contain an HTML (hypertext markup language) file styled to resemble a Microsoft Word document and display a variety of error messages.
I was greeted with the message “Word Online extensions are not installed” and a bogus button to click to “fix” it.
Similarly, Proofpoint said a widespread deceptive “campaign” encouraged users to open PowerShell and copy malicious code.
According to Proofpoint, “the campaign included more than 100,000 messages and targeted thousands of organizations around the world.”
Microsoft’s cloud storage service, OneDrive, was also mimicked for malicious purposes.
“The fake error message uses sophisticated social engineering to appear as a legitimate notification from the operating system,” Proofpoint noted.
“By presenting both the problem and the solution, viewers are empowered to take action quickly without having to consider the risks.”
However, there is a silver lining in that this attack chain requires significant user interaction to succeed.
In short, act wisely and never download anything unauthorized or suspicious.
Widely used browsers and programs like Chrome and Word would never ask a user to manually enter a code into another application for basic functionality.