Be wary if you see a worrying error message pop up on your computer prompting you to take an action. This is a new popular technique for hackers to install malware.
Computer threats on the Web are numerous and hackers never lack imagination to invent new attack methods. Fraudulent email pretending to be a bank, phone call from fake technical support or even booby-trapped CV sent to recruiters, the techniques are varied but their objectives are always the same: steal sensitive information or install malware on the computer of the target.
Currently, a new and original approach seems to be gaining popularity among cybercriminals: displaying false error messages to trick the user into installing a “fix” themselves, which actually turns out to be a virus. These fraudulent alerts are displayed in the form of windows or pop-ups, when visiting a website or reading an email, and indicate that an error or bug requires action on your part. It then offers a button titled “How to fix” (“how to repair” in French) and invites you, obviously, to click on it and follow the instructions.
Revealed by Proofpoint, this method is more difficult to implement than classic phishing for example, because it requires some specific actions on your part, such as pasting text into PowerShell. It is nevertheless effective because it relies on very popular and widespread applications, such as Chrome, Word and OneDrive. If you visit a compromised website using the Chrome browser, you may see a message indicating that there is a problem with the page and prompting you to copy code into Windows PowerShell to resolve the problem.
You may also receive an email containing an attachment in “.htm” or “.html” format which, when opened, displays a web page imitating Word software. This time, a window appears telling you that the “Word Online” extension is missing and prompting you to fix the problem with the fake Word document displaying by clicking on the button “How to fix“. Hackers can even send you an email containing a link to a OneDrive file that displays one of the famous “0x8004de86” error codes, which you may have already encountered if you use Windows.
Either way, the method is the same: display a fake error message for a nonexistent problem and prompt you to take an action to resolve it. To protect yourself against this attack technique, there is only one solution: remain vigilant. Keep in mind that apps like Chrome, Word or OneDrive will never display a window or pop-up asking you to copy text into PowerShell or click a button.How to fix“. If you view a web page or open an attachment that displays such a window, close it immediately, search the Internet for the message received, and run an antivirus scan if in doubt.