A new malware-attack that makes use of a fake Office 365 website has been used to deliver TrickBot password-stealing trojan disguised as Chrome and Firefox browser updates.
As per Bleeping Computer, the fake Office 365 website looks very similar to any site of Microsoft. In fact, all of its links point to pages are hosted on Microsoft domains.
FIREFOX and CHROME BROWSERS:
Users visiting this fake website will be displayed with an alert about updating their browsers with the latest version. The alert format is slightly different for Chrome and Firefox users.
If a user using Google Chrome visits the fake website, then they will be shown an alert titled ‘Chrome Update Center’. The alert informs the user that the Chrome browser needs to be updated as using the older version could lead to loss of data and browser errors.
Similarly, Firefox users will see an alert titled ‘ Firefox Update Center’. The content of the alert will be the same as that displayed to Chrome users.
WORKING OF TRICKBOT TROJAN:
Clicking the ‘Update’ button, an executable named ‘upd365_58v01.exe is downloaded. This executable afterword downloads the TrickBottrojan on the computer. The trojan is disguised as a svchost.exe process in order to make it invisible in Task Manager.
How a User should Respond to it?
If you have come across any of these pages and clicked on the ‘Update’ button, then you should immediately perform security scans on your computer. It is also recommended to change the passwords of the accounts you commonly use or have saved in your browser.
Stay Tuned For More Updates (IST)
274 total views, 2 views today