Fake Job Campaigns Deliver Malware

Proofpoint has discovered several variations of fake job campaigns targeting US companies in retail, entertainment, pharmacy, and other industries and believes it is the same threat actor that reportedlytargeted US anti-money laundering officers two weeks ago. The common characteristics of these campaigns include the threat actor pretending to work for a staffing agency and offering employment in a follow-up email sent through LinkedIn’s direct messaging service. The email contains a link with the noted job description that, if clicked, directs the user to a malicious website spoofing a real staffing agency’s landing page. Visiting the page initiates a Microsoft Word file download containing malicious macros that, when enabled, downloads and executes the “More_eggs” malware. The NJCCIC recommends never opening attachments or using links provided in unsolicited emails to visit websites requiring the input of credentials or other sensitive information. Users who receive unexpected or unsolicited requests from known senders inviting them to click on a link or open an attachment are advised to verify the sender via another means of communication before taking any action. We recommend reviewing Proofpoint’s blog post for more details about these fake job campaigns.