This fake job offer scam will just infect your device with deadly malware

Cybersecurity researchers have spotted yet another fake job campaign distributing deadly malware.  Mandiant's latest report found tha...

Cybersecurity researchers have spotted yet another fake job campaign distributing deadly malware. 

Mandiant's latest report found that a new version of known malware threat Ursnif (also known as Gozi) has been reported in the wild.

Unlike the previous versions, this one does not carry its usual banking trojan functionalities, prompting researchers to speculate the malware is being modded to distribute ransomware.

Fake job offers on LinkedIn

Mandiant dubbed this version LDR4, after spotting it in late June 2022. To distribute the malware, the threat actors are creating fake LinkedIn accounts, posing to be recruiters for major companies. After reaching out to their targets and engaging in a conversation to establish some legitimacy, they share a link.

The linked website then demands victims solve a CAPTCHA challenge to download an Excel document that claims to offer more details about the position, but actually carries a malicious macro that fetches the malware from a remote location. 

As LDR4 comes in the form of a .DLL file (loader.dll), is packed by portable executable crypters, and is signed with valid certificates, it evades detection from some antivirus solutions, the researchers warned. 

Once the .DLL file runs, it collects system service data from the Windows registry and generates a user and system ID. It also connects to the malware's command and control server (C2) to obtain the list of commands it needs to execute. 

Currently, the researchers can't 100% confirm Ursnif’s endgame, but they did note that a threat actor was allegedly observed asking for partners to distribute ransomware and the RM3 version of Ursnif via underground hacking forums. 

The last time we heard of Ursnif was in January 2022, when HP Wolf Security observed it being distributed, via weaponized Excel files, among Italian-speaking users. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/9lr7PE1
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,24916,TrendlyNews,8,Video,5,XIAOMI,13,YouTube - 9to5Google,7,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This fake job offer scam will just infect your device with deadly malware
This fake job offer scam will just infect your device with deadly malware
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/10/this-fake-job-offer-scam-will-just.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/10/this-fake-job-offer-scam-will-just.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy