• This fake job offer scam will just infect your device with deadly

    From TechnologyDaily@1337:1/100 to All on Fri Oct 21 20:15:03 2022
    This fake job offer scam will just infect your device with deadly malware

    Date:
    Fri, 21 Oct 2022 18:55:39 +0000

    Description:
    Job seekers warned about yet another fake job campaign, but the threat could be evolving into something worse.

    FULL STORY ======================================================================

    Cybersecurity researchers have spotted yet another fake job campaign distributing deadly malware.

    Mandiant's latest report found that a new version of known malware threat Ursnif (also known as Gozi) has been reported in the wild.

    Unlike the previous versions, this one does not carry its usual banking trojan functionalities, prompting researchers to speculate the malware is being modded to distribute ransomware.

    Fake job offers on LinkedIn

    Mandiant dubbed this version LDR4, after spotting it in late June 2022. To distribute the malware, the threat actors are creating fake LinkedIn accounts, posing as recruiters for major companies. After reaching out to their targets and engaging in a conversation to establish some legitimacy, they share a link.

    The linked website then demands victims solve a CAPTCHA challenge to download an Excel document that claims to offer more details about the position, but actually carries a malicious macro that fetches the malware from a remote location.

    As LDR4 comes in the form of a .DLL file (loader.dll), is packed by portable executable crypters, and is signed with valid certificates, it evades detection from some antivirus solutions, the researchers warned.

    Once the .DLL file runs, it collects system service data from the Windows registry and generates a user and system ID. It also connects to the
    malware's command and control server (C2) to obtain the list of commands it needs to execute.

    Currently, the researchers can't 100% confirm Ursnif's endgame, but they did note that a threat actor was allegedly observed asking for partners to distribute ransomware and the RM3 version of Ursnif via underground hacking forums.

    The last time we heard of Ursnif was in January 2022, when HP Wolf Security observed it being distributed, via weaponized Excel files, among Italian-speaking users.

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-fake-job-offer-scam-will-just-infect-your-device-with-deadly-malware/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)