Job offers and job descriptions pose a serious risk to people working from home, free agent or so-called Freelancerss. Unknown hackers attack users registered on the sites, with malware, alerts a security company.
In particular, freelancers registered in sites such as Fiverr and Freelancer are being attacked, MalwareHunterTeam claims. Criminals spread to them Agent Tesla and remote administration tools (RAT) under the guise of job ads.
The principle of attackers is very simple.
Users registered with freelance websites are sent messages with a call to discuss the possibility of cooperation. The letters are attached to a Word file with a description of the tasks the freelancer has to accomplish, but it is the threat. A typical job message with an attachment may hide a serious threat to its recipient.
Often, such descriptions are sent as .doc file attachments, so it is relatively easy for the attacker to cheat job candidates. According to MalwareHunterTeam, attackers not only send malicious files but also advise potential victims of how to open documents.
The magnitude of the attack is not yet high.
There are reports of several dozen victims who have received malicious attachments. Obviously, the attack is partly done manually.
Experts note that attackers use the old, but still popular, .doc format instead of the new.Docs, which is a standard extension for Microsoft Word documents in 2007. However, .doc format continues to open from most versions of the text editor PC.
The scenario described by MalwareHunterTeam is realistic, provided the user activates the macros – either on their own or on the recommendation of the attackers, or does not use an appropriate antivirus program.
The judgment of hackers that such a technology of social engineering will work is true. It is not difficult to persuade freelancers to open a .doc file, though such an outdated extension should cause suspicions, as well as the recommendation for activating macros.