Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Please find attached the malicious instructions

Read: 1997 Comments: 2 Rating: 9

Tuesday, August 29, 2017

When it comes to phishing attacks, it goes without saying that accountants are often the targets. They are bombarded by emails from revenue services, fine notifications, and requests for copies of all kinds of documents.


This creates the impression that it is specifically accountants who are the most naive users; that they open all emails indiscriminately and ignore safety rules. So it can be easy to forget that companies employ people besides accountants and they can be just as careless. Especially, if they receive a tempting job offer.

Application developers who share their code on GitHub became the victims of a new phishing campaign. Site visitors received emails supposedly containing job offers and had their systems infected with a modular Trojan dubbed Dimnie.

"Hello, my name is Adam Buchbinder; I saw your GitHub repo and I'm pretty impressed. The point is I have an open position in my company and it looks like you’re a good fit"—this is how one scam email begins.

The potential employer is offering a job, but all the terms are laid out in an attached doc file. If the contents of the attached archive are extracted, a Word document featuring macros will open. The macros contain PowerShell commands for downloading and installing the Dimnie Trojan.

Alas, nowadays any message containing a job offer may prove to be phishing bait.

Many people don’t remove their CVs from job search sites even after they’ve found a job; either they completely forget about them, are being lackadaisical, or are just monitoring what salaries are being offered for a similar position. By learning about a would-be-target's occupation, attackers can compose an offer that will include personal information and thus appear to be legitimate.

So, if a project manager, developer or any other person in charge opens an attached file, it can cause a massive data leak.

The Anti-virus Times recommends

  • Maintain your vigilance.
  • If you don't use macros in documents, disable the feature. The fewer operations your computer performs behind your back, the more secure your system will be.
  • If you work with documents, do use an anti-virus. Scammers can employ social engineering techniques to mislead users, but the anti-spam filter won't fall for their tricks.


Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.