Malware & Ransomware · HIGH

Malware - Fake Job Offers Spread via Google Forms

Source: Malwarebytes Labs
Tags: PureHVNC, Google Forms, malware, Remote Access Trojan, job scams

Basically, fake job offers on Google Forms can secretly install malware on your device.

Quick Summary

A new malware campaign is using fake job offers on Google Forms to spread PureHVNC RAT. This poses a significant risk to unsuspecting job seekers. Stay vigilant and verify sources before downloading files.

What Happened

A new malware campaign has emerged, cleverly using Google Forms to distribute PureHVNC, a type of Remote Access Trojan (RAT). Attackers are leveraging business-related lures, such as job interviews and project briefs, to trick victims into downloading malicious files. Instead of the usual phishing emails, these attackers are embedding links in seemingly legitimate Google Forms.

Once a victim clicks on a link to download a ZIP file, they unknowingly initiate a multi-stage infection process. This method is particularly alarming because it exploits the trust users place in familiar platforms like Google Forms, making it easier for attackers to bypass security measures.

Who's Being Targeted

The campaign primarily targets individuals seeking job opportunities or involved in business processes. The attackers impersonate real companies, using their names and logos to create convincing forms. This tactic not only enhances the credibility of the scam but also increases the likelihood that victims will engage with the malicious content.

Platforms like LinkedIn are often used to disseminate these links, further targeting professionals who may be more susceptible to such scams. The forms typically request professional information, making them appear legitimate and increasing the chances of successful infection.

Signs of Infection

Once the malicious ZIP file is downloaded, it usually contains both legitimate files and an executable file that triggers the infection. The executable is often bundled with a DLL file, which is executed through a technique known as DLL hijacking. This allows the malware to run while appearing to be part of a legitimate process.

The PureHVNC malware can take full control of the infected device, allowing attackers to steal sensitive information, including data from browsers and cryptocurrency wallets. Users may not immediately notice signs of infection, as the malware operates stealthily, gathering information and maintaining persistence on the device.
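As an added example (not from the original article or from Malwarebytes), a triage check for the archive layout described above: it lists a downloaded ZIP without extracting it and flags any folder where an executable sits next to a DLL, the arrangement DLL hijacking relies on. The extension sets, function names and sample file names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension sets for this example; extend to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com"}
LIBRARY_EXTS = {".dll"}

def find_sideload_candidates(zip_bytes):
    """Return {folder: {"exe": [...], "dll": [...]}} for each folder in the
    archive that holds at least one executable beside at least one DLL.
    Windows checks the application's own folder early when resolving DLLs,
    so co-location is the property worth flagging. Nothing is extracted."""
    by_dir = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            ext = path.suffix.lower()
            if ext in EXECUTABLE_EXTS:
                kind = "exe"
            elif ext in LIBRARY_EXTS:
                kind = "dll"
            else:
                continue  # documents, images, etc. are not part of this check
            entry = by_dir.setdefault(str(path.parent), {"exe": [], "dll": []})
            entry[kind].append(path.name)
    return {d: e for d, e in by_dir.items() if e["exe"] and e["dll"]}

def build_sample_zip(names):
    """Build an in-memory ZIP with placeholder contents (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed placeholder content")
    return buf.getvalue()

# Constructed samples: a lure-style archive and a documents-only archive.
SUSPICIOUS = build_sample_zip([
    "Project_Brief/brief.pdf", "Project_Brief/notes.docx",
    "Project_Brief/viewer.exe", "Project_Brief/helper.dll",
])
BENIGN = build_sample_zip(["Offer/brief.pdf", "Offer/logo.png"])

if __name__ == "__main__":
    print(find_sideload_candidates(SUSPICIOUS))
    print(find_sideload_candidates(BENIGN))
```

Legitimate software packages also ship executables with DLLs, so a hit means the archive needs review before anything is run, not that it is confirmed malicious.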

How to Protect Yourself

To stay safe from this evolving threat, it is crucial to remain vigilant when interacting with Google Forms. Here are some essential tips:

  • Always verify the source of any Google Form before providing personal information or downloading files.
  • Be cautious of links that redirect through URL shorteners, as they may hide the true destination.
  • If you receive a job offer or business-related request, confirm it through official channels before taking action.

By being aware of these tactics and maintaining a cautious approach, you can significantly reduce the risk of falling victim to this malware campaign.

🔒 Pro insight: This campaign's use of Google Forms reflects a shift in phishing tactics, leveraging trusted platforms to evade detection.
