A sophisticated phishing campaign is targeting Microsoft OneDrive users, aiming to trick them into executing a malicious PowerShell script. The attack begins with an email containing an .html file that simulates a OneDrive error page. The fake page urges users to fix a DNS issue by following specific steps. If users comply, they download and execute harmful files, compromising their systems. The phishing campaign is deceptive, with a significant portion of victims located in the U.S., South Korea, Germany, and India.
The attackers use social engineering tactics to increase the likelihood of success, exploiting legitimate OneDrive error codes to make the scam appear credible. Trellix researchers, who uncovered this campaign, emphasize the need for international cooperation to combat such threats. As phishing schemes become more advanced, it’s crucial for users to remain vigilant and for organizations to share intelligence to protect against global cyber threats.