Wednesday, May 15, 2019
Woburn, MA – May 15, 2019 – In the first quarter of 2019, Kaspersky Lab experts detected a blast of sophisticated spam emails featuring fake job offers, which appeared to come from HR managers and recruiters in large corporations. Disconcertingly, the emails were actually sent by spammers and were designed to install money-stealing malware on consumers’ devices.
Spam emails are an often underestimated threat, able to spread malware through deceptive social engineering methods and claim many victims. To track spam messages, Kaspersky Lab researchers use honeypots – virtual ‘traps’ that are able to detect malicious emails and catch threat actors. For this particular operation, company experts tracked fraudsters who were trying to exploit job seekers, and reported an analysis of their findings in the new “Spam and Phishing in Q1 2019” report.
Kaspersky Lab researchers found that recipients of such spam emails were typically offered an alluring position in a large company. Targets were invited to join a free job search system by installing a special application on their device that would supposedly provide access to a job search database. To make the installation process look trustworthy, it was accompanied by a pop-up window with the words “DDoS Protection” and a fake message that claimed the user was being redirected to a legitimate recruiting website.
Screenshot of malicious e-mail sample and a pop-up window
However, victims were actually redirected to a cloud storage site, where they were instructed to download a malicious installer that looked like a word processing file. This file’s function was to download the infamous Gozi banking Trojan, one of the most commonly used malware programs for stealing money, to the victim’s machine.
“We often see spammers using names of large and well-known companies, as it helps them to succeed in their malicious business and gain people’s trust,” said Maria Vergelis, security researcher at Kaspersky Lab. “Famous brands with a solid reputation can become victims of fraudsters who pretend to be them and lure unsuspecting users into downloading a malicious attachment to their computers. This particular scheme involved the names of both well-known recruiting companies and respected businesses, which made it even more sophisticated. One needed to check the email address line for errors to suspect that the job offer was not authentic.”
Kaspersky Lab detects the malicious download as Trojan-Banker.Win32.Gozi.bqr.
Additional key findings from the report include:
The full report on spam and phishing in Q1 2019 can be found on Securelist.
About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next-generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.