Please find attached the malicious instructions


When it comes to phishing attacks, it goes without saying that accountants are often the targets. They are bombarded by emails from revenue services, fine notifications, and requests for copies of all kinds of documents.


This creates the impression that accountants specifically are the most naive users, that they open all emails indiscriminately and ignore safety rules. So it can be easy to forget that companies employ people besides accountants, and that they can be just as careless, especially if they receive a tempting job offer.

Application developers who share their code on GitHub became the victims of a new phishing campaign. Site visitors received emails supposedly containing job offers and had their systems infected with a modular Trojan dubbed Dimnie.

"Hello, my name is Adam Buchbinder; I saw your GitHub repo and I'm pretty impressed. The point is I have an open position in my company and it looks like you’re a good fit"—this is how one scam email begins.

The potential employer is offering a job, but all the terms are laid out in an attached doc file. If the contents of the attached archive are extracted, a Word document featuring macros will open. The macros contain PowerShell commands for downloading and installing the Dimnie Trojan.

http://www.securitylab.ru/news/485730.php?ref=123
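The delivery chain described above (an archive holding a Word document with macros) can be checked for at the mail gateway or during triage. The following is an added example, not code from the original article or from Dr.Web: the names `scan_attachment` and `build_sample`, the size and depth limits, and the sample archive are all constructed for illustration, and the legacy `.doc` check is a heuristic byte search for the `_VBA_PROJECT` stream name rather than a full compound-file parse.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML documents and zip archives
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # OLE directory names are UTF-16LE
MAX_MEMBER = 20 * 1024 * 1024                    # skip members declared larger than this
MAX_DEPTH = 3                                    # stop descending into nested archives


def scan_attachment(name: str, data: bytes, depth: int = 0) -> list:
    """Return (path, finding) pairs for an attachment and anything archived in it."""
    if data.startswith(OLE_MAGIC):
        return [(name, "vba-macros")] if VBA_STREAM in data else []
    if not data.startswith(ZIP_MAGIC) or depth > MAX_DEPTH:
        return []
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # A macro-enabled OOXML file carries its VBA project as vbaProject.bin.
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return [(name, "vba-macros")]
            for info in z.infolist():
                path = f"{name}!{info.filename}"
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                if info.flag_bits & 0x1:  # encrypted member: cannot be inspected
                    findings.append((path, "encrypted-uninspected"))
                    continue
                findings += scan_attachment(path, z.read(info), depth + 1)
    except (zipfile.BadZipFile, NotImplementedError):
        pass  # corrupt archive or unsupported compression: keep what was found
    return findings


def build_sample() -> bytes:
    """Constructed archive: a macro-enabled OOXML, a fake OLE file, a clean docx."""
    def pack(members: dict) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as z:
            for member, body in members.items():
                z.writestr(member, body)
        return buf.getvalue()
    docm = pack({"[Content_Types].xml": b"<Types/>", "word/vbaProject.bin": b"stub"})
    docx = pack({"[Content_Types].xml": b"<Types/>", "word/document.xml": b"<w/>"})
    ole = OLE_MAGIC + b"\x00" * 504 + VBA_STREAM
    return pack({"terms.docm": docm, "terms.doc": ole, "cv.docx": docx})
```

Because the check looks at content rather than the file extension, a macro-enabled document renamed to `.docx` is still reported.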

Alas, nowadays any message containing a job offer may prove to be phishing bait.

Many people don’t remove their CVs from job search sites even after they’ve found a job: they either forget about them completely, are lackadaisical, or are just monitoring what salaries are being offered for a similar position. By learning about a would-be target's occupation, attackers can compose an offer that includes personal information and thus appears to be legitimate.

So, if a project manager, developer or any other person in charge opens an attached file, it can cause a massive data leak.

Dr.Web recommends

  • Maintain your vigilance.
  • If you don't use macros in documents, disable the feature. The fewer operations your computer performs behind your back, the more secure your system will be.
  • If you work with documents, do use an anti-virus. Scammers can employ social engineering techniques to mislead users, but the anti-spam filter won't fall for their tricks.
