January 1, New Scam: Users Targeted by Dangerous Copy-and-Paste Scam

Cybersecurity experts are sounding the alarm on a dangerous new scam targeting millions of Americans. If you’re using Google Chrome, listen up because you could be at risk of a copy-and-paste scam that sneaks malware onto your device. Proofpoint, a leading cybersecurity company, has identified a devious tactic using social engineering to run PowerShell and install malware.

Cyber attacks are surging at an unprecedented rate. The Identity Theft Research Center (ITRC) Annual Data Breach Report for 2023 has delivered some alarming numbers: data breaches in the United States have skyrocketed, hitting a record 72% increase from the previous peak in 2021. In just one year, 353 million people were affected.

Here’s what to know about the latest scam and how to protect yourself.

Google Chrome dominates the internet browsing landscape, with 63.6% of global users between July and August 2023, according to Statista. This means billions of people are vulnerable to this new copy-and-paste scam.

The scam aims at unsuspecting Google Chrome users, installing malware designed to steal personal information. Threat actors, including the initial access broker TA571 and at least one fake update activity set, are leveraging this tactic to distribute malware like DarkGate, Matanbuchus, NetSupport, and various information stealers, Proofpoint reports.

The scam works by presenting a seemingly innocent popup text box that claims an error has occurred while opening a document or webpage. The popup then instructs users to copy and paste the given text into a PowerShell terminal or the Windows Run dialog box.

User Interaction is Key

While the scam requires a user’s active participation, Proofpoint warns that the social engineering involved is sophisticated enough to trick even the savviest of users. The popup looks like a legitimate problem and solution combo, pushing users to take quick action without evaluating the risk.

How to Stay Safe

With scams growing more complex, maintaining vigilance is crucial. Abhishek Karnik, McAfee’s Head of Threat Research, emphasizes the importance of skepticism: “If an offer or urgent message seems too good to be true, it probably is. Scammers prey on emotions to rush you into hasty decisions. Always take a moment to assess the legitimacy of an offer and consider the source before proceeding.”

Stay safe by avoiding installations of apps or updates unless they are from trusted sources. Always check for reviews to ensure they’re legitimate, and never click on links in emails directing you to an app or update. Stick to official app stores for downloads and consider using a VPN to protect your information. Scammers are always on the prowl, so stay alert and safeguard your personal data.

As our loyal readers, we encourage you to share your thoughts and opinions on this issue. Let your voice be heard and join the discussion below.

Source