The Register article highlights how cyber criminals are using social engineering to get users to run scripts that they cannot understand to install malware on machines.

This latest Windows malware distribution campaign uses fake Google Chrome, Microsoft Word, and OneDrive error messages that look kinda like real warnings. After visiting a legit but compromised website, victims see some kind of pop-up text box in their browser telling them something went wrong – it’s an old but highly effective trick. One worth knowing, we reckon, so that you can help stop colleagues and others falling for it.

Marks are then instructed to click on a “fix” button, and then paste the displayed code into a PowerShell terminal or Windows Run dialog box. This allows PowerShell to run another remote script that downloads and runs the malware on the victim’s PC.

Proofpoint malware hunters have spotted at least two criminal gangs using this technique to infect people’s machines.

Read more at the original source below.

Source: The Register