September 26, 2018
A malicious macro campaign is currently under way, and its targets are freelancers working on various casual-work and freelance platforms. Freelancers receive documents deceptively labelled as job briefs that are in fact malware, says MalwareHunterTeam.
Fiverr and Freelancer.com Affected
The two freelancing platforms where MalwareHunterTeam reports having identified the malicious scheme are Fiverr (a renowned freelance marketplace) and Freelancer.com, which hosts millions of employers and freelancers.
Typically, casual workers, freelancers, and even international contractors depend on email and online communication to build relationships and find new job prospects. That is one reason it may be hard to get rid of email communication among this category of people. Unfortunately, useful as email communication is, it is now the means by which cybercriminals carry out their nefarious activities.
The email examples put forward by MalwareHunterTeam to illustrate this latest campaign don’t look suspicious in any way. The attackers tell the would-be victim to open and check the attached documents. In the message, the victim is asked to get back to the attacker with their “cost and time frame.”
Saw an NG actor using @fiverr to spread.
And in this case, the poor girl opened the doc…
People, if you are opening files from random people, at least have an AV installed. And of course, don’t enable macros… pic.twitter.com/nfC3ahmMUj
— MalwareHunterTeam (@malwrhunterteam) September 21, 2018
However, in one of the cases identified, an eager job seeker on Fiverr reportedly opened the document only to find that it was malicious. This was no different from another instance on Freelancer.com, where a freelancer said he received a “My details doc” file that contained malware when he opened it.
Thanks to the very competent antivirus the second freelancer had, he was promptly alerted and the malware was cleaned. Researchers say that a number of people on these platforms have been contacted in this way.
According to MalwareHunterTeam, the unsuspecting victims do get back to the sender, complaining that the file wouldn’t open. The attackers respond by asking exactly what the issue is. After hearing it from the freelancer, they offer their own ways of opening the file, which are in fact a means of getting infected.
The Nature of the Documents
From the look of things, MalwareHunterTeam speculates that the document may contain macros, which are often used to download malware payloads. This approach is the most common of those used by attackers to invade people’s PCs unlawfully.
As an example, the Chinese-speaking group LuckyMouse has previously been associated with campaigns known to use malicious content carrying macros. This arrangement has been used to take over people’s systems because it exploits certain vulnerabilities in Microsoft Word to carry out its plan.
As such, any user whose system is unpatched, who has macros enabled, and whose operating system is not updated stands a great risk of falling victim to this latest threat. The risk is greater every time you open a file from someone you don’t know or cannot trust.
How to Stay Protected
To stay safe from this latest attack on freelancers, you may have to disable macros on your system and install a top-notch threat-monitoring and antivirus solution. This is most necessary if you are the type that opens several files from different sources.
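For readers who routinely receive briefs from unknown senders, the following added example (not from MalwareHunterTeam or the original article) checks a file's bytes for VBA macro indicators before it is opened in Word. The function names, the byte-search heuristic for legacy files and the in-memory sample files are constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy .doc/.xls container header
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name stored with a VBA project

def triage_office_file(data: bytes) -> dict:
    """Report container format and macro indicators from file content, not its name."""
    report = {"format": "unknown", "macros": False, "reasons": []}
    if data.startswith(OLE2_MAGIC):
        report["format"] = "ole2"
        # Heuristic: OLE2 directory entries keep stream names as UTF-16LE text.
        if VBA_STREAM in data:
            report["reasons"].append("_VBA_PROJECT stream name present")
    elif data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                if "[Content_Types].xml" not in names:
                    return report  # a zip, but not an Office Open XML package
                report["format"] = "ooxml"
                types = zf.read("[Content_Types].xml").decode("utf-8", "replace")
        except zipfile.BadZipFile:
            report["reasons"].append("corrupt zip container")
            return report
        report["reasons"] += [f"VBA part: {n}" for n in names
                              if n.lower().endswith("vbaproject.bin")]
        if "macroEnabled" in types:
            report["reasons"].append("macro-enabled content type declared")
    report["macros"] = bool(report["reasons"])
    return report

def make_sample_ooxml(with_macro: bool) -> bytes:
    """Constructed sample: a zip shaped like a Word package (not an openable document)."""
    kind = ("vnd.ms-word.document.macroEnabled" if with_macro
            else "vnd.openxmlformats-officedocument.wordprocessingml.document")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override ContentType="application/{kind}.main+xml"/></Types>')
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")  # placeholder, no real VBA
    return buf.getvalue()

if __name__ == "__main__":
    for label, blob in [("plain brief", make_sample_ooxml(False)),
                        ("macro brief", make_sample_ooxml(True)),
                        ("legacy doc", OLE2_MAGIC + b"\x00" * 64 + VBA_STREAM)]:
        print(label, triage_office_file(blob))
```

A clean result only means no VBA project was found; it says nothing about documents that exploit Word vulnerabilities without macros, so patching and antivirus still apply.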
When ZDNet reached out to Fiverr about this development, this was the response of the platform admin:
Operating across 190 countries and with millions of community members Fiverr uses the latest anti-fraud and data security measures to protect everyone who relies on our platform against malware and other attacks. Any attempts to publish or send malicious content with the intent to compromise another member’s account or computer environment is strictly prohibited on Fiverr, and we act aggressively against it.