TrickBot Trojan going after Office 365 users

Jul 22, 2019 09:46 GMT

Microsoft users are being targeted by a new malware campaign whose purpose is to eventually infect devices with the TrickBot password-stealing Trojan.

A fake Office 365 page which looks just like Microsoft’s serves a fake browser update that is used to deploy the malicious payload.

Discovered by the experts at MalwareHunterTeam, the page was specifically designed to look as legitimate as possible, so it even includes links that point to Microsoft domains.

However, a few seconds after landing on the page, users are shown a warning that is adapted to their browser and recommends downloading and installing an update. Both Google Chrome and Mozilla Firefox appear to be targeted with such custom warnings.

“You are using an older version of the browser Chrome,” reads the message displayed on devices where Google Chrome is used for browsing the web, as shown in a screenshot published by BP.

The warning is titled Chrome Update Center or Firefox Update Center, depending on the browser in use.

Update your antivirus ASAP

Once the update is downloaded, it deploys the TrickBot Trojan, which specifically looks for stored passwords, browsing history, and autofill data. It can also create a list of the installed programs and the Windows services running on a device. All the stolen information is then transmitted to a server, and the malware then tries to avoid detection by installing itself into the Windows svchost.exe process.

In other words, it’s more difficult to discover the Trojan during a manual check for malicious processes, although antivirus solutions should be able to block it.
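To make the manual process check mentioned above more systematic, the following added example (not from the original article or from MalwareHunterTeam) compares every svchost.exe instance with the normal Windows baseline. The baseline rules are general Windows behaviour rather than TrickBot signatures, and the process records and function names are constructed for illustration.

```python
"""Triage svchost.exe instances against the normal Windows baseline.
Added example; the process records below are constructed sample data."""
from ntpath import basename, normpath

# Baseline assumptions (general Windows behaviour, not taken from the article):
# real svchost.exe lives in System32 or SysWOW64, is started by services.exe,
# and is launched with a "-k <service group>" argument.
EXPECTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXPECTED_PARENT = "services.exe"

def svchost_findings(proc):
    """Return the reasons a process record deviates from the baseline."""
    image = normpath(proc["image"]).lower()
    if basename(image) != "svchost.exe":
        return []  # not svchost.exe, out of scope for this check
    reasons = []
    if image.rsplit("\\", 1)[0] not in EXPECTED_DIRS:
        reasons.append("unexpected image path")
    if proc["parent"].lower() != EXPECTED_PARENT:
        reasons.append("unexpected parent process")
    if "-k" not in proc["cmdline"].lower().split():
        reasons.append("missing -k service group")
    return reasons

def triage(processes):
    """Map PID -> reasons for every svchost.exe that needs a closer look."""
    flagged = {}
    for proc in processes:
        reasons = svchost_findings(proc)
        if reasons:
            flagged[proc["pid"]] = reasons
    return flagged

# Constructed sample records, as might be exported from a process listing.
SAMPLE = [
    {"pid": 812, "image": r"C:\Windows\System32\svchost.exe",
     "parent": "services.exe", "cmdline": r"C:\Windows\System32\svchost.exe -k netsvcs -p"},
    {"pid": 4120, "image": r"C:\Windows\System32\svchost.exe",
     "parent": "update.exe", "cmdline": r"C:\Windows\System32\svchost.exe"},
    {"pid": 5332, "image": r"C:\Users\Public\svchost.exe",
     "parent": "explorer.exe", "cmdline": r"C:\Users\Public\svchost.exe -k netsvcs"},
    {"pid": 640, "image": r"C:\Windows\System32\lsass.exe",
     "parent": "wininit.exe", "cmdline": r"C:\Windows\System32\lsass.exe"},
]

if __name__ == "__main__":
    for pid, reasons in triage(SAMPLE).items():
        print(pid, ", ".join(reasons))
```

A flagged instance is a lead for further investigation, not proof of infection; an svchost.exe that passes all three checks can still host injected code.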

This is actually the best way to remain protected: update your antivirus products and, if you think your device is already infected, perform a full scan as soon as possible. The built-in Windows Defender available on Windows 10 devices should be able to detect the malware as well.