Cybersecurity experts warn of new malware targeting Google, Microsoft users
The malware has the potential to steal money from Windows owners

Jun 20, 2024
03:14 pm

What's the story

Cybersecurity experts have sounded the alarm over a sophisticated new malware that impersonates Google Chrome and Microsoft Word, with the potential to steal money from Windows owners. Online protection firm Proofpoint has been monitoring this malicious campaign since March, observing cybercriminals "adopting new, varied, and increasingly creative attack chains." The malware operates in a Trojan Horse-like manner, gaining access to cryptocurrencies, sensitive files, and personal information after being downloaded.

Deception

Malware's deceptive tactics: Fake updates and error messages

The malware disguises itself as fake updates in internet browsers like Chrome, and mimics programs such as Microsoft Word, to trick users into downloading harmful code. A compromised website often displays a fake Chrome update prompt that instructs users to "copy the code" provided. Users are then directed to open PowerShell, Microsoft's command-line shell and scripting tool, and paste in the malicious code, allowing hijackers to gain access to victims' cryptocurrency.

Phishing

Malware also targets corporate emails and OneDrive

The malware also employs an "email lure" tactic, similar to phishing. Work or corporate-related emails contain an HTML (HyperText Markup Language) file that resembles Microsoft Word and displays various error messages, tricking users into opening PowerShell and copying over malicious code. Microsoft's cloud storage service, OneDrive, was also mimicked for malicious purposes, with fake error messages designed to appear as authoritative notifications from the operating system.
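For mail-gateway triage, the pattern described above (an HTML file that puts code on the clipboard and tells the reader to paste it into PowerShell) can be checked for mechanically. The sketch below is an added example, not code from Proofpoint or from the original article; the function name, the three heuristics and both sample documents are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Heuristic signals: assumptions made for this example, not vendor indicators.
CLIPBOARD_WRITE = re.compile(r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]", re.I)
SHELL_NAMED = re.compile(r"\b(powershell|windows terminal|command prompt)\b", re.I)
PASTE_CUE = re.compile(r"\b(paste|right[- ]click|ctrl\s*\+\s*v)\b", re.I)

class _Splitter(HTMLParser):
    """Separate script code from the text the reader actually sees."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.script, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
        # Inline handlers (onclick=...) are script too.
        self.script += [v for k, v in attrs if k.startswith("on") and v]

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        (self.script if self.in_script else self.visible).append(data)

def triage_html_attachment(html: str) -> dict:
    """Flag HTML that writes to the clipboard and tells the reader to paste into a shell."""
    p = _Splitter()
    p.feed(html)
    p.close()
    script, visible = "\n".join(p.script), " ".join(p.visible)
    signals = {
        "clipboard_write": bool(CLIPBOARD_WRITE.search(script)),
        "shell_named": bool(SHELL_NAMED.search(visible)),
        "paste_instruction": bool(PASTE_CUE.search(visible)),
    }
    # Each signal alone is common in benign pages; act only when all coincide.
    signals["quarantine"] = all(signals.values())
    return signals

# Constructed samples (placeholder payload, no real campaign content).
LURE = """<html><body><h3>Document error: unable to display this file</h3>
<p>Click "How to fix", then open PowerShell and right-click to paste.</p>
<button onclick="navigator.clipboard.writeText('CONSTRUCTED-PLACEHOLDER')">How to fix</button>
</body></html>"""
BENIGN = """<html><body><p>Open PowerShell and paste your ticket number.</p>
<script>console.log('no clipboard access');</script></body></html>"""
```

The benign sample mentions PowerShell and pasting but never touches the clipboard, so it is not quarantined; requiring all three signals together is what keeps the false-positive rate manageable.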

Information

Cybersecurity firm advises user caution to prevent attacks

Proofpoint has highlighted that this attack chain requires significant user interaction to be successful. The firm suggests that users can protect themselves by being cautious and not downloading anything that appears unauthorized or suspicious.