Fake Google Chrome errors trick you into running malicious PowerShell scripts
bleepingcomputer
Contributed by: Sarah Richardson
Summary
A recent malware campaign uses fake Google Chrome, Word, and OneDrive error messages to trick users into running malicious PowerShell scripts. Multiple threat actors, including ClearFake, ClickFix, and TA571, are using these tactics. The fake errors prompt users to copy a PowerShell “fix” and run it, which leads to the installation of various malware such as DarkGate, Matanbuchus, and NetSupport. The campaigns are spread through compromised websites and HTML email attachments, and they exploit users' lack of understanding of the dangers of running PowerShell commands. Although the attacks require significant user interaction, the social engineering is effective at deceiving users into taking harmful actions on their own systems.