Security News Job applicants being infected with Ransomware

S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
Some job applicants are having their computers infected with malware (Petya). It is done through multiple methods of exploitation including spear phishing, exploitation of Macros in Microsoft Office (see article). The applicationt gets an email containing a PDF or Excel file which exploits a vulnerability through Macros. Just think about all that PII in applications.

Please ensure that you have disabled macros, applied all updates (even in Office 365 you can manually trigger an update bu going to File > Account > Update).

I know someone (company) who got infected with a newer variety of Dharpa ransomware, of which there is no know decryptor available. An endpoint got infected, and spread to file server. They have been steadily improving their security prior to this.


This is another reason to disable attachment preview in Microsoft Outlook!

Dharpa is becoming more prevalent, be wise.


Source: SHRM
 
  • Like
Reactions: Xtwillight, silversurfer, Der.Reisende and 5 others
Svoll

Svoll

Level 13
Verified
Top Poster
Well-known
Nov 17, 2016
627
Thanks for an interesting, but sad news.

That is wrong on so many levels. Most job seekers are unemployed and without income and getting targeted due to their eagerness to be employed. Think about this, if you are looking for a job, and a prospective employer emails you an application, most won't think twice about filling it out. I would fill it out as soon as possible, if my AV detects it, the only thing that would pop in my mind is a FP. :oops::oops::(:(:( Thanks for the wake up call! Ransomware is rising and rising quickly...
 
  • Like
Reactions: soccer97, Xtwillight, Der.Reisende and 3 others
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
I empathize, I really do. This also includes online applicant systems (where you search for jobs, click apply and go through the long application - not restricted to PDF's) Check out that article from SHRM. It gives you the scope of the problem. If I find anymore info, I will try to let you know.
 
  • Like
Reactions: ElectricSheep, Xtwillight, Svoll and 2 others
S

soccer97

Level 11
Thread author
Verified
May 22, 2014
517
Update: Ironically something (no attachment) appeared in my inbox within less than 8 hours after applying for a job.

I received an email, to the email address I used to sign up for the employer's (Applicant Tracking System), Within less than 8 hours after applying for a job, I get an email from a social media platform witj a subject line:"Confirm your account 'Someone else's name' ".

The person's name, real or not is in all caps.

And my PC is/was patched,and protected. I haven't opened the email yet.

I guess my best bet is to contact the social media platform-considering the news article? Opening that email even in OWA may result in a ransomware infection, though there is no attachment, but a link. Opening the message seems far less than appealing. Ironic Timing?


Time to change password for email address, do a Scan with ESET and Zemana and I guess enable 2FA for email.

Any other advice? Please?
 
Last edited:
  • Like
Reactions: Xtwillight and Svoll
Atlas147

Atlas147

Level 30
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 28, 2014
1,990
soccer97 said:
Update: Ironically something (no attachment) appeared in my inbox within less than 8 hours after applying for a job.

I received an email, to the email address I used to sign up for the employer's (Applicant Tracking System), Within less than 8 hours after applying for a job, I get an email from a social media platform witj a subject line:"Confirm your account 'Someone else's name' ".

The person's name, real or not is in all caps.

And my PC is/was patched,and protected. I haven't opened the email yet.

I guess my best bet is to contact the social media platform-considering the news article? Opening that email even in OWA may result in a ransomware infection, though there is no attachment, but a link. Opening the message seems far less than appealing. Ironic Timing?


Time to change password for email address, do a Scan with ESET and Zemana and I guess enable 2FA for email.

Any other advice? Please?
Click to expand...

Don't really think you need to do a change of password and a scan of all sorts cause the email is really harmless unless you open the attachments in it. In any case activating 2FA is good since it's another layer of protection.
 
  • Like
Reactions: soccer97 and ElectricSheep
You must log in or register to reply here.

Similar threads

enaph
    • +Reputation
    • Like
    • Wow
Scams & Phishing News Microsoft “Poisons” Phishing Data With Fake Creds to Catch Hackers
Replies
0
Views
1,365
Security News
enaph
enaph
Gandalf_The_Grey
    • +Reputation
    • Like
Malware News Surge in Magniber ransomware attacks impact home users worldwide
Replies
2
Views
2,496
Security News
Jonny Quest
Jonny Quest
lokamoka820
    • Like
    • +Reputation
Security News Microsoft Office Apps Provide a New Path for Hackers
Replies
0
Views
2,133
Security News
lokamoka820
lokamoka820

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top