Attackers are spreading macros in a campaign aimed at users of freelance/occasional work platforms
A new cyberattack campaign has specially focused on self-employed people through malicious documents disguised as advertisements and job offers.
According to a firm specializing in ethical hacking, the scheme has been discovered both in Fiverr, a platform of independent professional services, as in , a platform that offers the services of independent workers (freelancers) to millions of companies.
Freelancers, casual workers and international contractors commonly establish communication through emails and other services on the Internet, not only to retain relations with employers but also to find and ensure new opportunities, so it is common to use email attachments. Unfortunately, this has caught the attention of the cybercriminals.
The ethical hacking firm that discovered this campaign conducted some tests of it, using emails similar to those employed in the real campaign. In the test emails, the “attackers” ask the alleged victim to review an attached document and then respond to the attacker whit a budget and a time frame.
One of these examples, a job seeker in Fiverr, opened the document and discovered that the attachment was a malicious file. In another example in, the cybercriminal sent a file that also contained malware. Security investigators stated that “dozens of people” have been contacted in this way on different employment platforms.
Apparently, the documents contain macros that can then be used to download malicious loads. This is a common technique used by cybercriminals to infiltrate computers and extract users’ information.
If your systems are not patched, your operating system is not updated and macros are enabled, you may be at high risk of being a victim of an attack variant similar to the one described here, especially if you open the attached documents you receive by email without paying attention to the sender’s data. However, disabling macros and installing some type of antivirus solution and real-time threat monitoring will help mitigate the threat of exploitation, especially when a company requires you to contact people you don’t know.
Regarding this incident, Fiverr declared for various specialists in ethical hacking: “Since we operate in 190 countries and have millions of members, in Fiverr we use the latest anti-fraud and data protection security measures to protect against malware and other attacks on everyone who trusts our platform. Any attempt to publish or send malicious content with the intent to compromise the account of another member or the environment of your computer is strictly prohibited in Fiverr, and we will act aggressively against these behaviors”.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.