Hackers Set Up Fake OneDrive Sites to Trick Users into Installing Trojans

TapTechNews, August 4: Security company Trellix has released a report stating that attackers have recently been setting up counterfeit OneDrive websites and, under the pretext of an 'unable to connect to the service' error, tricking users into running PowerShell commands, so that the victims 'install Trojans on their own computers'.

According to the report, the hackers first set up a counterfeit OneDrive website and then sent phishing emails with HTML attachments to users in batches. The attachment claims that the user has received a file sharing request named 'Reports.pdf'. When the user clicks the link attached to the email and lands on the 'OneDrive website', the site claims that the user has encountered the error code Error0x8004de86 and must 'manually update the DNS cache' to solve the problem. It then provides a series of PowerShell commands, tricking the user into installing the Trojan themselves.

TapTechNews learned that after the user enters the commands in the terminal, the system automatically downloads a malicious AutoIT script. Once the script is deployed, the computer displays 'operation successful' and asks the user to 'reload the web page'. The security company noted that this seemingly 'normal' sequence makes it difficult for the victim to notice that anything is wrong.

To prevent such attacks, the security company warns users to stay vigilant, not to casually open emails from unknown sources, and especially not to click on the attachments or web links in these emails, thereby reducing the risk of being hacked.
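
As an added example (not from the Trellix report or TapTechNews), the following Python check shows how a mail gateway or analyst could flag HTML that combines the lure elements described above: OneDrive branding, error code 0x8004de86, the 'update the DNS cache' instruction and a request to run PowerShell. The signal names, regular expressions and sample pages are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _TextCollector(HTMLParser):
    """Collects text nodes (script bodies included); character references are decoded."""
    def __init__(self):
        super().__init__()
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

# Signals come from the lure as described in the article; the regexes are assumptions.
SIGNALS = {
    "onedrive_brand": re.compile(r"\bonedrive\b", re.I),
    "error_code": re.compile(r"0x8004de86", re.I),
    "dns_cache_fix": re.compile(r"\bdns\s+cache\b", re.I),
    "powershell_step": re.compile(r"\bpower\s*shell\b", re.I),
}

def triage_html(html):
    """Return (suspicious, matched_signal_names) for one HTML attachment or page."""
    parser = _TextCollector()
    parser.feed(html)
    parser.close()
    text = re.sub(r"\s+", " ", " ".join(parser.chunks))
    hits = sorted(name for name, rx in SIGNALS.items() if rx.search(text))
    # Brand plus error code alone also matches genuine help pages, so the
    # verdict requires the instruction to run PowerShell plus two other signals.
    return ("powershell_step" in hits and len(hits) >= 3), hits

# Constructed samples: no real lure content or commands are reproduced.
LURE = """<html><body><h1>Microsoft OneDrive</h1>
<p>Failed to connect to the cloud service. Error 0x8004de86</p>
<p>To fix the error, update the DNS cache manually.</p>
<p>Open P&#111;werShell and run the commands shown below.</p></body></html>"""
BENIGN = """<html><body><h1>OneDrive help</h1>
<p>If you see error code 0x8004de86, sign out and sign in again.</p></body></html>"""

if __name__ == "__main__":
    for label, sample in (("lure", LURE), ("benign", BENIGN)):
        print(label, triage_html(sample))
```

The constructed lure spells 'PowerShell' with a character reference to show that the parser decodes it before matching; the benign page mentions the same error code but is not flagged because it never asks the reader to run PowerShell.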
