Attackers are using freelance job sites such as fiverr and Freelancer to distribute malware disguised as job offers. These job offers contain attachments that pretends to be the job brief, but are actually installers for keyloggers such as Agent Tesla or Remote Access Trojan (RATs).

For example, in the screenshot below you can see an attacker creating a fake job offer with the "my details.doc" attachment and sending it to a freelancer.

Attacker creating a fake job offer with malware attachment
Attacker creating a fake job offer with malware attachment

According to MalwareHunterTeam, this type of attack is being used on both Fiverr and Freelancer, where he has seen victims open the malicious document attached to the job offers and become infected.

As job briefs are commonly sent as attachments, to the targets they look like legitimate job offers as seen below.

Example Message
Example fake job offer sent to victim

Victims opening attachments and asking for support

Not only are victims opening the attachments and getting infected, but some of them are asking for support when they have problems opening the document.

For example, a user responded to the attacker stating that they were unable to open it on their mobile device and the attacker responds that they need to open it on their PC.

Attacker supporting victim
Attacker supporting victim

Another victim was having trouble opening the document and the attacker is trying to support them in getting it opened.

Attacker supporting victim
Attacker supporting victim

This goes to show you that attackers are not only using innovative ways to distribute malware, but also going the extra mile to support their victims who have trouble getting infected on their own. As always, it is important to have a updated antivirus solution installed on your computer and to always scan attachments before opening them.

Related Articles:

New Technique Recycles Exploit Chain to Keep Antivirus Silent

Ad Clicker Hiding as Google Photos App Found in Microsoft Store

CoinMiners Use New Tricks to Impersonate Adobe Flash Installers

New Reports Show Increased CyberThreats, User Risks Remain High

Cheap Android Phones and Poor Quality Control Leads to Malware Surprise