14 DAY TRIAL // Cybercriminals are trying to trick users into installing malware on their computers with the aid of bogus Dropbox emails that instruct recipients to reset their passwords.
According to AppRiver, the fake notifications read something like this: “Hi admin, You recently requested a link to reset your Dropbox password. The old one is now marked as ‘dangerous.’ Please follow the link to reset password.”
Those who click on the link are taken to a bogus Microsoft website that instructs users to update their browser.
So-called update files are available for Chrome, Internet Explorer and Firefox users. In reality, the served files are not web browser updates, but a version of the notorious data-stealing ZeuS Trojan.
The domain on which the malicious site is hosted is dynamooblog.ru. The same domain has been used in a similar Dropbox spam campaign analyzed by Conrad Longmore of the real Dynamoo’s Blog.
If you come across such emails, delete them immediately.