Watch out — that Microsoft OneDrive security warning could actually be a malware scam

Hackers are giving old phishing techniques a new twist

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Hackers are giving the old “phishing with errors” scam a modern twist in a bid to trick victims into downloading dangerousmalwareonto their PCs.

Cybersecurity researchers from the Trellix Advanced Research Center haverevealedhow they recently observed a new campaign that targetsMicrosoftOneDrive users.

In the campaign, the victims get an email address with a .HTML file attached, typically named “Reports.pdf”, in an attempt to trick the victim into thinking it’s an important, work-related document. When the victims open it, they get a window that resembles Microsoft OneDrive, with an error message stating that the device could not connect, and that the error needs to be addressed manually.

Social engineering tactics

“Failed to connect to the ‘OneDrive’ cloud service. To fix the error, you need to update the DNS cache manually." The message reads. The window also features two buttons: “Details”, and “How to fix.” Clicking the “Details” button redirects the victims to a legitimate page on Microsoft Learn that discusses troubleshooting DNS problems.

The “how to fix” button, though, triggers a function call GD, with a .js script embedded in the .HTML file. It also loads secondary instructions that the victims must follow.

“This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems,” the researchers explain. “This combination of technical jargon and urgent error messages is a classic social engineering tactic, designed to manipulate the user’s emotions and prompt hasty action without careful consideration.”

This “hasty action” includes bringing up the Windows PowerShell terminal and then pasting and executing a malicious command. The majority of the victims seem to be located in the US, South Korea, Germany, India, Ireland, Italy, Norway, and the UK.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Ever since the death of the macro, cybercriminals have been looking for working alternatives to sharing malware via email.

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

HPE reveals critical security bug affecting networking access points

A critical Palo Alto Networks bug is being hit by cyberattacks, so patch now

New Secretlab Skins Lite let you overhaul the look of your chair for under $100