OneDrive for Business linked to malware menace

News
By last updated

Legitimate accounts are being compromised to spread malware

Microsoft’s OneDrive for Business cloud storage locker is apparently being used to host and attempt to spread malware, so be warned if you’re emailed links to the service which seem at all suspicious.

According to Forcepoint Security Labs, cybercriminals have been engaging in this practice since August, using an unknown number of compromised OneDrive accounts and MySite links which can be shared with third-parties via email.

Should you click on such a dodgy link, it will download an infected archive file or EXE, with obvious dire repercussions.

And these malware-laden links are apparently being spread by major email campaigns firing them off to as many potential victims as possible.

The sample of this scam provided by Forcepoint is a typical one – it uses an invoice linked in the OneDrive for Business account to try to tempt the victim into opening it (an ‘unpaid’ bill or invoice is a common trick to immediately make the victim curious as to exactly what they ‘owe’).

  • In dire need of a new computer? These are the best PCs of 2016

Matter of trust

The criminals also hope that by using OneDrive for Business, their dodgy links are more likely to be trusted. Particularly because these are genuine OneDrive accounts which have been compromised.

This scam is predominantly targeting Australia and the UK right now, with 55% of emails sent to the former country, and 40% sent to British citizens. It’s certainly one worth keeping an eye out for – indeed, when you receive any sort of link in an email, you should regard it with a healthy amount of suspicion, whether it’s to OneDrive, or any other cloud storage service for that matter.

Roland Dela Paz, a senior security researcher at Forcepoint, also warned that businesses must be alert to this threat and possible reputational damage. He commented: “While it is unknown how OneDrive for Business accounts are being compromised, it entails additional risk not only for the compromised user but also for the affected business as it means that the attackers may also have access to other business assets and contacts.

“In addition, the URL format of OneDrive for Business download links contain the business domain name of a compromised user. This can consequently tarnish the reputation of a business.”

Via: Betanews

TOPICS
Darren Allan

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Pro
cybersecurity
What's the right type of web hosting for me?
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Hacker silhouette working on a laptop with North Korean flag on the background
North Korea unveils new military unit targeting AI attacks
An image of network security icons for a network encircling a digital blue earth.
US government warns agencies to make sure their backups are safe from NAKIVO security issue
Laptop computer displaying logo of WordPress, a free and open-source content management system (CMS)
This top WordPress plugin could be hiding a worrying security flaw, so be on your guard
construction
Building in the digital age: why construction’s future depends on scaling jobsite intelligence
Latest in News
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 23 (game #1154)
More about pro
Silicon Motion MonTian 128TB SSD

More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab

How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Compal Infinite Laptop

This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
See more latest
Most Popular
Compal Infinite Laptop
This laptop has a horizontal rollable display that extends to 18 inches, and I can't wait to try it
Silicon Motion MonTian 128TB SSD
More 128TB SSDs on the way, but they won't be cheaper: Key maker of NAND flash controllers says 128TB SSDs are shipping
Toshiba HDD Innovation Lab
How to make hard drives faster? Simple, just bunch dozens of them together, Toshiba says
Asus Ascent GX10
Asus debuts its own mini AI supercomputer: Ascent GX10 costs $2999 and comes with Nvidia's GB10 Grace Blackwell Superchip
Ray-Ban Meta Smart Glasses
Samsung's rumored smart specs may be launching before the end of 2025
Quordle on a smartphone held in a hand
Quordle hints and answers for Monday, March 24 (game #1155)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Monday, March 24 (game #652)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Monday, March 24 (game #386)
Apple iPhone 16 Review
The latest iPhone 18 leak hints at a major chipset upgrade for all four models
Micron SOCAMM memory module
World's biggest RAM vendors develop superior memory form factor exclusively for Nvidia, sorry Intel and AMD