These fake US government job ads are spreading more malware
Date:
Mon, 03 Oct 2022 20:14:07 +0000
Description:
Someone's using fake job ads to distribute Cobalt Strike beacons in the US
and New Zealand.
FULL STORY ======================================================================
Cybercriminals are preying on job seekers in the United States and New Zealand to distribute Cobalt Strike beacons, as well as other viruses and malware.
Researchers from Cisco Talos claim an unknown threat actor is sending out multiple phishing lures via email, assuming the identity of the US Office of Personnel Management (OPM), as well as the New Zealand Public Service Association (PSA).
The email invites the victim to download and run an attached Word document, claiming it holds more details about the job opportunity.
Remote code execution
The document is laced with macros which, if run, exploit a known vulnerability tracked as CVE-2017-0199, a remote code execution flaw fixed in April 2017. Running the macro results in Word downloading a document template from a Bitbucket repository. The template then executes a series of Visual Basic scripts which, in turn, download a DLL file called "newmodeler.dll". That DLL is, in fact, a Cobalt Strike beacon.
There is also another, less complicated distribution method, in which the malware downloader is fetched directly from Bitbucket.
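A defender-side check for the remote-template step described above, as an added example that is not part of the original article or of the Cisco Talos research: it scans a Word file's relationship parts for an attached template that points outside the document. The sample documents and URLs are constructed placeholders, and the function names are hypothetical.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted samples, defusedxml is the safer parser

PKG_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
TEMPLATE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/attachedTemplate")
MAX_RELS_BYTES = 1_000_000  # refuse oversized .rels parts (zip-bomb guard)


def remote_templates(docx_bytes):
    """Return targets of attachedTemplate relationships that point outside the file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.endswith(".rels") or info.file_size > MAX_RELS_BYTES:
                continue
            try:
                root = ET.fromstring(zf.read(info))
            except ET.ParseError:
                continue  # malformed part: triage it separately
            for rel in root.iter(PKG_NS + "Relationship"):
                external = rel.get("TargetMode", "").lower() == "external"
                # Hyperlinks are also External, so the relationship type must match.
                if external and rel.get("Type") == TEMPLATE_REL:
                    hits.append(rel.get("Target", ""))
    return hits


def _make_docx(rels_by_part):
    """Build a minimal constructed OOXML container holding only .rels parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for part, rels in rels_by_part.items():
            body = "".join(
                f'<Relationship Id="rId{i}" Type="{t}" Target="{tgt}" TargetMode="External"/>'
                for i, (t, tgt) in enumerate(rels, 1))
            zf.writestr(part, '<Relationships xmlns="http://schemas.openxmlformats.org/'
                              f'package/2006/relationships">{body}</Relationships>')
    return buf.getvalue()


HYPERLINK_REL = TEMPLATE_REL.replace("attachedTemplate", "hyperlink")
# Constructed samples: the URLs are placeholders, not indicators from the campaign.
SUSPECT = _make_docx({
    "word/_rels/settings.xml.rels": [(TEMPLATE_REL, "https://repo.example/constructed/job.dotm")],
    "word/_rels/document.xml.rels": [(HYPERLINK_REL, "https://www.example.org/apply")]})
BENIGN = _make_docx({
    "word/_rels/document.xml.rels": [(HYPERLINK_REL, "https://www.example.org/apply")]})
```

Any target it returns is worth reviewing before the attachment reaches a user, since an ordinary job description has no reason to load its template from a remote host.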
With the help of a Cobalt Strike beacon, the threat actors can remotely execute various commands on the compromised endpoint, steal data, and move laterally throughout the network, mapping it out and finding more sensitive data.
The researchers claim the beacons communicate with an Ubuntu server, hosted by Alibaba, and based in the Netherlands. It contains two self-signed and valid SSL certificates.
Cisco did not name the threat actors behind this campaign, but there is one prominent name that's been engaged in numerous fake job campaigns lately, and that's Lazarus Group.
The infamous North Korean state-sponsored threat actor has been targeting blockchain developers, artists working on non-fungible tokens (NFT), as well as aerospace experts and political journalists with fake jobs, stealing cryptocurrencies and valuable information.
Via: BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/news/these-fake-us-government-job-ads-are-spreading-more-malware/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)