Freelancers Being Targeted With Malware Disguised as Job Offers

Update – Abby from Fiverr has made the following statement to LHN

“Operating across 190 countries and with millions of community members, Fiverr uses the latest anti-fraud and data security measures to protect everyone who relies on our platform against malware and other attacks. Any attempts to publish or send malicious content with the intent to compromise another member’s account or computer environment is strictly prohibited on Fiverr, and we act aggressively against it.”

Main content –

Hackers are using freelancing web applications such as the Fiverr and Freelancer to distribute malware disguised as job offers which contain attachments that are pretending to be a job description but are actually installing keyloggers in victim files.

There are keyloggers such as AgentTesla and Remote Access Trojans (RATs) which can be installed in a victim’s computer system. According to a report from the MalwareHunterTeam, these type of attacks are being implemented on freelancing platforms Fiverr and Freelancer.

As you can see in the Screenshot below the attacker is trying to create a fake job offer for multiple users.

How Are Victims Being Infected?

Most of these offers look legitimate but are coded with malicious malware that will attack the victim’s systems with keyloggers and Remote Desktop Monitoring software. Some of the victims are asking for support from the creator of the job offer for the freelancers when experiencing problems with documents that are shared on these freelancing platforms.

For example if an attacker wished to gain control of a users mobile device they would say the document cannot be opened on a PC and instead can only be opened on a mobile device. Attackers are using innovative ways to distribute their malware and also going the extra mile in “helping” these victims to install their malware on the devices. It is important to have updated anti-virus software and OS patches installed on your systems. If you are unsure of an attachment run it through websites such as Virustotal, also consider using a separate sandbox environment for opening attachments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients