CCIT News and Notices

Copy to Fix Scam

Proofpoint has recently discovered a new attack vector that cybercriminals are using to compromise users’ computers. In this scheme, a notification pop-up on a webpage, in a Word document, or in a PDF file being opened tells the user that there is a problem. The notification includes a button labeled something like “How to Fix” or “Auto-Fix”.

The fake instructions for how to “fix” the problem will typically ask the user to copy and paste some code into Windows PowerShell or the Run dialog box. Because this code is only being copied and pasted, most antivirus software will not have an opportunity to inspect and catch the malicious code. Once this code is run by the victim on their computer, it triggers the download of additional malware and other nefarious activities.

Clemson University users should exercise caution if presented with this error and are encouraged to reach out to their area’s IT Consultant for assistance.

For additional details, please see the full article on the Proofpoint website.

A screenshot of a malicious pop-up that tells the user there is something wrong with displaying a page and offers a 'Copy fix' button to fix the issue.