Attackers have created a fake Office 365 site that is distributing the TrickBot password-stealing Trojan disguised as Chrome and Firefox browser updates. In BleepingComputer’s testing, this fake Office 365 site found by MalwareHunterTeam looks like any site that would normally belong to Microsoft. In fact all of its links point to pages hosted on Microsoft domains.
Corin Imai, Senior Security Advisor at DomainTools:
“This Office 365 scam is worrying for a number of reasons. Firstly, the widespread use of Office 365 as an enterprise tool means this scam casts an incredibly wide net. Secondly, the sophistication of the fake Microsoft webpage, which is so convincing it is likely to fool even some of the most diligent 365 users, particularly as the links send users to pages hosted on Microsoft domains. The Trickbot trojan is one which is difficult to detect and is extremely adept at stealing information, meaning bad news if you do install this.
The good news however is that people seem to be getting better at detecting phishing scams. A DomainTools survey a Infosecurity Europe showed success rates of around 90% in telling apart phishing scams from legitimate websites for huge companies such as Apple, eBay and Netflix. If you do suspect a phishing scam, the best advice is still to not click on anything unless you are 100% sure of its authenticity.”