OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script
2024-07-30 06:45

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script.

The cybersecurity company is tracking the "Crafty" phishing and downloader campaign under the name OneDrive Pastejacking.

The attack unfolds via an email containing an HTML file that, when opened, displays an image simulating a OneDrive page along with an error message that says: "Failed to connect to the 'OneDrive' cloud service. To fix the error, you need to update the DNS cache manually."

The development comes amid the discovery of a new email-based social engineering campaign distributing bogus Windows shortcut files that lead to the execution of malicious payloads hosted on Discord's Content Delivery Network infrastructure.

Specifically, this involves passing off the HTML payload as an MPEG file to evade detection, taking advantage of the fact that many common archive extractors and secure email gateways (SEGs) parse the file header information but ignore the file footer, which may contain more accurate information about the file format.

"The threat actors utilized a .ZIP archive attachment and when the SEG scanned the file contents, the archive was detected as containing a .MPEG video file and was not blocked or filtered," the company noted.
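
For defenders, the header-versus-footer gap described above can be checked directly: compare the type claimed by a file's leading bytes with the type implied by its trailing bytes and flag any disagreement. The following is an added example, not code from the article or the researchers; the signature table, function names and sample inputs are assumptions constructed for illustration, and the page does not state which MPEG header bytes were used.

```python
import io
import zipfile

# Leading magic bytes (well-known signatures; which MPEG header the campaign
# used is not stated on the page, so the two MPEG entries are assumptions).
HEADER_MAGIC = {
    b"\x00\x00\x01\xba": "mpeg",   # MPEG program stream pack header
    b"\x00\x00\x01\xb3": "mpeg",   # MPEG video sequence header
    b"PK\x03\x04": "zip",          # ZIP local file header
}
ZIP_EOCD = b"PK\x05\x06"           # ZIP end-of-central-directory record
EOCD_WINDOW = 22 + 0xFFFF          # EOCD size plus maximum comment length


def header_type(data: bytes) -> str:
    """Type claimed by the first four bytes, the part header-only scanners read."""
    return HEADER_MAGIC.get(data[:4], "unknown")


def footer_type(data: bytes) -> str:
    """Type implied by the end of the file, where the ZIP directory lives."""
    tail = data[-EOCD_WINDOW:]
    if ZIP_EOCD in tail:
        return "zip"
    if b"</html>" in tail.lower():
        return "html"
    return "unknown"


def classify(data: bytes) -> dict:
    """Report both views and flag the file when they disagree."""
    head, foot = header_type(data), footer_type(data)
    mismatch = foot != "unknown" and head != foot
    return {"header": head, "footer": foot, "mismatch": mismatch}


def constructed_samples() -> dict:
    """Constructed test inputs, not artefacts from the campaign."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "benign placeholder")
    plain_zip = buf.getvalue()
    return {
        "plain_zip": plain_zip,
        "mpeg_header_zip_footer": b"\x00\x00\x01\xba" + plain_zip,
        "mpeg_header_html_footer": b"\x00\x00\x01\xba<html><body></body></html>",
        "mpeg_only": b"\x00\x00\x01\xba" + b"\x00" * 64,
    }
```

A gateway rule built on this would quarantine or deep-scan any attachment where `mismatch` is true instead of trusting the header alone.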


News URL

https://thehackernews.com/2024/07/onedrive-phishing-scam-tricks-users.html