Watch out — that Microsoft OneDrive security warning could actually be a malware scam
Hackers are giving old phishing techniques a new twist
Hackers are giving the old “phishing with errors” scam a modern twist in a bid to trick victims into downloading dangerous malware onto their PCs.
Cybersecurity researchers from the Trellix Advanced Research Center have revealed how they recently observed a new campaign that targets Microsoft OneDrive users.
In the campaign, the victims get an email address with a .HTML file attached, typically named “Reports.pdf”, in an attempt to trick the victim into thinking it’s an important, work-related document. When the victims open it, they get a window that resembles Microsoft OneDrive, with an error message stating that the device could not connect, and that the error needs to be addressed manually.
Social engineering tactics
“Failed to connect to the 'OneDrive' cloud service. To fix the error, you need to update the DNS cache manually." The message reads. The window also features two buttons: “Details”, and “How to fix.” Clicking the “Details” button redirects the victims to a legitimate page on Microsoft Learn that discusses troubleshooting DNS problems.
The “how to fix” button, though, triggers a function call GD, with a .js script embedded in the .HTML file. It also loads secondary instructions that the victims must follow.
“This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems,” the researchers explain. “This combination of technical jargon and urgent error messages is a classic social engineering tactic, designed to manipulate the user's emotions and prompt hasty action without careful consideration.”
This “hasty action” includes bringing up the Windows PowerShell terminal and then pasting and executing a malicious command. The majority of the victims seem to be located in the US, South Korea, Germany, India, Ireland, Italy, Norway, and the UK.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Ever since the death of the macro, cybercriminals have been looking for working alternatives to sharing malware via email.
More from TechRadar Pro
- Phishing scams playbook: Adapting to keep up with malicious AI
- Here's a list of the best firewalls today
- These are the best endpoint protection tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.