A recent cybersecurity alert has revealed a sophisticated new malware campaign that targets Microsoft device users by impersonating Microsoft Word and Google Chrome. The Proofpoint Online Security Company has been monitoring this malicious campaign since March, warning that cybercriminals are using creative attack chains to trick unsuspecting users into downloading harmful files.
The malware, known as ClearFake, poses as a fake update for web browsers like Chrome, deceiving users into downloading a set of harmful files that then execute a delayed Trojan horse attack. This attack can result in cybercriminals gaining access to cryptocurrencies, sensitive files, and personal information.
Researchers at Proofpoint first observed this new malware spread in early April with the ClearFake campaign, which compromises legitimate websites with malicious HTML and JavaScript. Cybercriminals use fake Chrome update messages and phishing emails to trick victims into executing malicious code in PowerShell, which redirects cryptocurrency transactions to the perpetrators.
The campaign has sent over 100,000 messages to thousands of organizations worldwide, with the malware also mimicking Microsoft’s cloud storage, OneDrive, for malicious intent. The fake error messages used in the phishing emails are designed to appear as authorized notifications coming from the operating system, providing both a problem and a solution to prompt immediate action without consideration of the risk.
As the Internet risk landscape continues to evolve, cybersecurity experts are urging consumers to remain vigilant and be cautious when interacting with suspicious messages or emails. The increasing sophistication of malware attacks highlights the need for organizations to prioritize cybersecurity measures and implement robust security protocols to protect against potential threats. It is important for users to be aware of these deceptive techniques and employ security best practices to safeguard their personal and sensitive information online.
Article Source
https://www.ndtv.com/feature/microsoft-and-google-chrome-users-targeted-by-sophisticated-malware-campaign-5930168
