Malware disguised as job offers targets freelancers

According to a report from the MalwareHunterTeam, hackers are using freelancing web applications such as the Fiverr and Freelancer to distribute malware disguised as job offers which contain attachments that are pretending to be a job description but are actually installing keyloggers such as Agent Tesla or Remote Access Trojan (RATs)in victim files.

For example, an attacker can create a fake job offer with the “my details.doc” attachment and send it to multiple users. As job briefs are commonly sent as attachments, to the targets they look like legitimate job offers. When the victims open the malicious document attached to the job offers, they become infected.

If an attacker wished to gain control of a user’s mobile device they would say the document cannot be opened on a PC and instead can only be opened on a mobile device.

Not only are victims opening the attachments and getting infected, but some of them are asking for support when they have problems opening the document. Attackers are using innovative ways to distribute their malware and also going the extra mile in “helping” these victims to install their malware on the devices. For example, a user responded to the attacker stating that they were unable to open it on their mobile device and the attacker responds that they need to open it on their PC.

It is important to have updated anti-virus software and OS patches installed on your systems. If you are unsure of an attachment run it through websites such as Virustotal, also consider using a separate sandbox environment for opening attachments.

Leave a Reply