Web applications – Fiverr and Freelancer which provide freelancing services to customers worldwide are abused by the hackers as they used the aforementioned platforms to deliver malware masked as job offers. Malware executes and installs keyloggers in victim’s files that came under the façade of ‘job description’ entailed in attachments.
The attacker tries to generate a counterfeit job offer for multiple users. AgentTesla and Remote Access Trojans (RATs) are two examples of keyloggers that can potentially be installed in a victim’s system. Referring to a report of MalwareHunterTeam, the attacks of such nature are preying upon widely used freelancing platforms Freelancer and Fiverr.
Unveiling the attack mechanics
The malicious malware which appears to be legitimately incorporated attacks the computer systems with Remote Desktop Monitoring software and keyloggers. Seeking assistance, victims resorted to the creator of the job offers when attacked via the documents sitting on the aforementioned freelancing platforms.
For instance, if the motive of an attacker is to take over a user’s mobile device, the user will be denied access to the document on his computer system and consequently be convinced that the document can only be opened on a mobile device. Cybercriminals have gauged unprecedented and innovative methods of injecting their malware and even worked upon the ease of injection of the malware- assisting the victims throughout the installation.
Users, while browsing these freelancing websites are advised to ensure the presence of an updated anti-virus software and OS patches on their systems. If any attachment appears dubious, users are advised to run it through ‘Virustotal’ and similar websites to cross-check the credibility.