Fake Office 365 site installs malware as browser update

[sincity]

Microsoft users have been warned to watch out for a fake Office 365 site which is pushing malware disguised as a software update.

The site, discovered by researchers at MalwareHunterTeam, is designed to resemble a Microsoft-owned site, and even contains links that direct to pages hosted on Microsoft domains.

However after being on the site for a few seconds, users are presented with an alert saying that their browser needs to be updated in order to stay online.

• Chrome and Firefox extensions stealing customer data
• The best browsers of 2019
• Firefox will soon alert users if their saved passwords have been breached

Fake update

The site even presents different landing pages depending on the browser being users, offering up alerts tailored to Chrome and Firefox users which say their supposedly outdated software version could lead to errors and loss of data.

Clicking on the update button will lead to the downloading of the TrickBot Trojan, which will install itself onto the victim's device and begin transmitting information about their online habits.

TrickBot is a particularly nasty form of malware that is notorious for stealing user information such as passwords as well as browsing history and autofill data. This form installs itself into the Windows svchost.exe service, meaning it is largely hidden from detection in Task Manager.

The researchers behind the detection say that anyone affected by the scam should immediately perform a scan of their device, and ensure any passwords used on there are changed immediately.

• The best antivirus services of 2019

Via Bleeping Computer

http://feeds.feedburner.com/~r/techradar/digital-home/~4/7rx5o4CBRs8