Microsoft users have been warned to monitor a fake Office 365 site that pushes malware disguised as a software update. The site, discovered by MalwareHunterTeam researchers, is designed to look like a Microsoft-owned site and even contains links to pages hosted on Microsoft domains. However, after being on the site for a few seconds, users receive an alert telling them that their browser needs to be updated to stay online.
Fake update
The site even has different landing pages depending on the browser used, providing alerts tailored to Chrome and Firefox users that their software version that was deemed outdated could lead to errors and data loss. By clicking the update button, you will get the download of the TrickBot Trojan, which will be installed on the victim's device and start transmitting information about their online habits. TrickBot is a particularly malicious form of malware known for stealing user information such as passwords, browsing history, and autofill data. This form is installed in the svchost.exe Windows service, which means it is largely hidden from detection in Task Manager. The researchers behind the detection say that anyone affected by the scam should immediately scan their device and ensure that all passwords used are changed immediately. Through the bleeding computer