Most freelancing websites work in a similar way; the client can message you, or create an order without messaging you, and then they have to submit requirements in order for the order to begin. Security researchers at MalwareHunterTeam have discovered new malware that exploits this part of the process. Attackers will send a document as part of their requirements, naming it something that would raise no red flags, such as “my details” or “requirements”. This means in order for the seller to begin their work, they have to click on the document to view the requirements.

Saw an NG actor using @fiverr to spread.
And in this case, the poor girl opened the doc…
People, if you are opening files from random people, at least have an AV installed. And of course, don't enable macros… pic.twitter.com/nfC3ahmMUj

— MalwareHunterTeam (@malwrhunterteam) September 21, 2018

Once the malicious document has been clicked, the user will be encouraged to enable macros which work as a malware dropper. A dropper is a kind of Trojan that’s function is to install malware to target a system. If you are a freelancer and come across a message asking you to download macros after clicking on a document, we urge you not to. These attackers can often be quite committed to the cause, they have been known to be actively responding to messages encouraging sellers to enable the macros and how there’s nothing to worry about.

We recommend that if you are a professional using freelancing services, that you stay vigilant. Report any suspicious activity to the customer service teams, and make sure your anti-virus software is on and up to date, as this should flag up the malicious macros if your radar didn’t notice anything suspicious beforehand.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Be wary of attackers on freelancing sites appeared first on Hack Ware News.