Fake Office 365 site installs malware as browser update

malware browser update
(Image credit: Pixabay)

Microsoft users have been warned to watch out for a fake Office 365 site which is pushing malware disguised as a software update.

The site, discovered by researchers at MalwareHunterTeam, is designed to resemble a Microsoft-owned site, and even contains links that direct to pages hosted on Microsoft domains.

However after being on the site for a few seconds, users are presented with an alert saying that their browser needs to be updated in order to stay online.

Fake update

The site even presents different landing pages depending on the browser being users, offering up alerts tailored to Chrome and Firefox users which say their supposedly outdated software version could lead to errors and loss of data.

Clicking on the update button will lead to the downloading of the TrickBot Trojan, which will install itself onto the victim's device and begin transmitting information about their online habits.

TrickBot is a particularly nasty form of malware that is notorious for stealing user information such as passwords as well as browsing history and autofill data. This form installs itself into the Windows svchost.exe service, meaning it is largely hidden from detection in Task Manager.

The researchers behind the detection say that anyone affected by the scam should immediately perform a scan of their device, and ensure any passwords used on there are changed immediately.

Via Bleeping Computer

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.