
Fake IT support sites push malicious PowerShell scripts as Windows fixes
2024-06-30 14:21

Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, such as the 0x80070643 error, to infect devices with information-stealing malware.

According to eSentire, threat actors are creating numerous fake IT support sites that purport to help users with common Windows errors, focusing heavily on the 0x80070643 error.

These sites all offer fixes that either require you to copy and run a PowerShell script or import the contents of a Windows Registry file.

eSentire's report outlines how the PCHelperWizard sites walk users through copying a PowerShell script to the Windows clipboard and executing it in a PowerShell prompt.

The FixedGuides site does it a bit differently, using an obfuscated Windows Registry file to hide autostarts that launch a malicious PowerShell script.
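A check a defender can run on a `.reg` file before anyone imports it, as an added example that is not from eSentire's report or the original article: it lists every value written to the Run/RunOnce autostart keys and decodes hex-encoded string data so the command is readable. The article does not say how the FixedGuides file is obfuscated; hex encoding is an assumption here, and the sample file, value names and paths are constructed.

```python
import re

# Run/RunOnce keys are real Windows autostart locations; this list is not exhaustive.
AUTOSTART = re.compile(r"\\CurrentVersion\\(Policies\\Explorer\\)?Run(Once)?$", re.I)
# Script hosts worth a closer look when they appear in autostart data.
SCRIPT_HOST = re.compile(r"powershell|pwsh|mshta|wscript|cscript", re.I)
VALUE_LINE = re.compile(r'("(?:[^"\\]|\\.)*"|@)\s*=\s*(.*)$')


def decode_value(raw):
    """Return value data as text, decoding hex-encoded UTF-16LE string types."""
    m = re.match(r"hex\((?:1|2|7)\):(.*)", raw, re.S)
    if m:
        digits = re.sub(r"[^0-9a-fA-F]", "", m.group(1))
        data = bytes.fromhex(digits[: len(digits) // 2 * 2])
        return data.decode("utf-16-le", "replace").replace("\x00", " ").strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \" and \\ escapes
    return raw


def find_autostarts(reg_text):
    """Return (key, name, decoded_data, launches_script_host) per autostart value."""
    text = re.sub(r"\\\r?\n[ \t]*", "", reg_text)  # join hex continuation lines
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_LINE.match(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m and key and not key.startswith("-") and AUTOSTART.search(key) and m.group(2) != "-":
            data = decode_value(m.group(2))
            findings.append((key, m.group(1).strip('"'), data, bool(SCRIPT_HOST.search(data))))
    return findings


def _hex2(s, wrap=20):
    """Build a hex(2) value the way regedit exports it (constructed sample only)."""
    h = [f"{b:02x}" for b in (s + "\0").encode("utf-16-le")]
    return "hex(2):" + ",\\\n  ".join(",".join(h[i:i + wrap]) for i in range(0, len(h), wrap))


# Constructed sample; the key paths are real, the names and commands are placeholders.
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\Software\ExampleVendor\Settings]", '"Theme"="dark"', "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"ExampleApp"="\"C:\\Program Files\\Example\\app.exe\" /background"',
    '"ExampleUpdater"=' + _hex2(r"powershell.exe -File C:\ExamplePath\placeholder.ps1"),
])
```

Calling `find_autostarts(SAMPLE)` returns both Run values, with only the hex-encoded `ExampleUpdater` entry flagged as launching a script host.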



News URL

https://www.bleepingcomputer.com/news/security/fake-it-support-sites-push-malicious-powershell-scripts-as-windows-fixes/