Cybersecurity experts have revealed a new campaign targeting Microsoft OneDrive users that could trick them into downloading malware. Researchers from Trellix Advanced Research Center said the phishing campaign is designed to execute a malicious PowerShell script.

Users receive an email with an .HTML file attached, usually titled ‘Reports.pdf,’ to trick them into thinking it’s an important work document. As soon as it’s opened, users see a window that looks like Microsoft OneDrive along with an error stating, “Failed to connect to the ‘OneDrive’ cloud service. To fix the error, you need to update the DNS cache manually.”

Two options are available, ‘How to fix’ and ‘Details.’ The second directs users to an actual Microsoft Learn page on troubleshooting, but the first takes them through steps that launch the PowerShell terminal.
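A triage check for the attachment described above, as an added example that is not from Trellix or the original article: it flags HTML content behind a document-style name, the lure wording quoted above, and clipboard writes. The clipboard API patterns, the verdict rule and all names are assumptions, and the sample is constructed with an inert placeholder.

```python
import re
from html.parser import HTMLParser

# Lure wording quoted in the article, matched on visible text (lower-cased).
LURE_PHRASES = ("failed to connect to the", "update the dns cache manually", "how to fix")
# Assumption: the page fills the clipboard through one of these standard browser APIs.
CLIPBOARD_RE = re.compile(r"navigator\.clipboard\.writeText|execCommand\(\s*['\"]copy['\"]", re.I)
HTML_START_RE = re.compile(rb"\s*(<!doctype html|<html|<head|<body|<script)", re.I)
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}
# Constructed sample with an inert placeholder, not taken from the campaign.
SAMPLE = (b"<html><body><h1>Failed to connect to the &#8216;OneDrive&#8217; cloud service</h1>"
          b"<button onclick=\"navigator.clipboard.writeText('PLACEHOLDER')\">How to fix</button>"
          b"</body></html>")


class VisibleText(HTMLParser):
    """Collects text outside <script>/<style>, with character references decoded."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self.skip = [], False

    def handle_starttag(self, tag, attrs):
        self.skip = self.skip or tag in ("script", "style")

    def handle_endtag(self, tag):
        self.skip = self.skip and tag not in ("script", "style")

    def handle_data(self, data):
        if not self.skip:
            self.chunks.append(data)


def triage_attachment(filename: str, data: bytes) -> dict:
    """Return the signals found in one attachment and a pass/review/block verdict."""
    raw = data.decode("utf-8", errors="replace")
    is_html = bool(HTML_START_RE.match(data[:512]))
    # 'Reports.pdf' or 'Reports.pdf.html': a document extension on HTML content.
    masked = is_html and any(p in DOCUMENT_EXTS for p in filename.lower().split(".")[1:])
    parser = VisibleText()
    parser.feed(raw)
    parser.close()  # flush text buffered after the last tag
    visible = " ".join(" ".join(parser.chunks).split()).lower()
    lures = [p for p in LURE_PHRASES if p in visible]
    clipboard = bool(CLIPBOARD_RE.search(raw))
    powershell = "powershell" in raw.lower()
    verdict = ("block" if is_html and clipboard and (lures or powershell or masked)
               else "review" if masked or clipboard or len(lures) >= 2 else "pass")
    return {"is_html": is_html, "masked_name": masked, "lures": lures,
            "clipboard_write": clipboard, "powershell": powershell, "verdict": verdict}
```

Decoding character references before matching matters because the lure text can be entity-encoded in the markup while rendering normally to the user.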

The researchers noted that victims of the attack were typically from the U.S., India, South Korea, Germany, Ireland, Italy, Norway and the UK.

Trellix has been tracking the campaign under the name OneDrive Pastejacking.

Phishing campaigns of another kind have also become common recently: emails sent from compromised legitimate addresses link to Microsoft Office Forms and ask users to reveal their Microsoft 365 login credentials under the guise of restoring their Outlook mail.