Malicious actors have recently been targeting Microsoft Office 365 users in two separate scams – one that distributes the TrickBot information-stealing trojan via a fake website and a phishing campaign that sends fake alerts with the intent to take over the accounts of email domain administrators.
The scams are respectively detailed in a pair of reports from Bleeping Computer. The first report credits MalwareHunterTeam with uncovering a fake Office 365 site that displays a fake alert to site visitors, falsely stating that their browsers need an update.
Clicking on the update button downloads a malicious executable that installs TrickBot on victims’ computers, at which point the malware begins communicating with a command-and-control server to execute various modules capable of exfiltrating user machine details, installed program information, Windows services information, login credentials, browsing history, form autofill information, and more.
The second report warns that phishers are sending emails disguised as Office 365 admin alerts that purportedly address time-sensitive issues such expired licenses or an scams false alerts target office users admins
