Jump to content

Malware hits Freelancers at Fiverr... Take care!


carineb

Recommended Posts

Extract from a press article:
Recently, security researchers at MalwareHunterTeam have discovered a new piece of malware that has been targeting unsuspected freelancers on Fiverr and Freelancer which means that millions of unsuspected users are currently at risk.

According to analysis shared by MalwareHunterTeam on their Twitter account, attackers are sending malicious attachments “My details.doc,” to freelancers disguising as clients claiming to offer a new job and to view the job requirements, a freelancer is required to click on the malicious documents.

For more information, please read those articles:

favicon-32x32.png?x39732HackRead – 24 Sep 18
new-malware-hits-freelancers-at-fiverr-and-freelancer-com-3.jpg.d91ca9ccb8979f699328d2155431aec0.jpg

Malware hits Freelancers at Fiverr and Freelancer.com

Follow us on Twitter @HackRead

logo-192x192.png.7f0d4748c2abe4b67e36046e16d1d1be.png ZDNet
screen-shot-2018-09-24-at-07-40-12.png.0c6eb0cd0451ffbf2152507e1ec3fcf3.png

Freelance workers targeted in new malware campaign | ZDNet

Updated: Malicious macros are being spread in a campaign targeting job seekers on freelance and casual work platforms.

lhn_72_72.pngLatest Hacking News – 23 Sep 18
attacker-creating-message.jpg

Freelancers Being Targeted With Malware Disguised as Job Offers - Latest Hacking...

635       635SharesUpdate – Abby from Fiverr has made the following statement to LHN “Operating across 190 countries and with millions of

favicon-32x32.png.14f3de63ae3ac0e2ab032d9a9c4a6e5c.png

Link to comment
Share on other sites

If someone sends me a document with a very general message, it’s a huge red flag. I always ask them to send me the details in Fiverr’s chat. They never do.

I always ask them to send me the details in Fiverr’s chat. They never do.

I do that too, and you’re right, they go away when you say that. It’s just that file they want you to open so badly.

I’ve gotten the exact message that article mentioned at least twice lately.

Link to comment
Share on other sites

Well, there are few things in case paranoia hits you.

  • After download the attachment scan it with VirusTotal, also an Antivirus is mandatory & BitDefender is the best in this branch.

  • You can upload the document (pdf & doc) on Google Docs and that way you won’t open it on your local machine.

  • Use Sandboxie or a virtual machine (Linux)

  • Make sure your Firewall is always up

  • Don’t enable macros on MS Office. It happen to me twice, behind was a little script that wanted to download some exe file. Fortunately, my BitDefender Firewall did a great job by blocking the connection.

  • And lastly, if you realize you got hacked or open a virus, immediately disconnect form your internet and reinstall your OS.

Link to comment
Share on other sites

Guest creatorscafe

I think Fiverr should take care of this , they should implement built in virus and malware scan in their system to automatically scan the file uploaded by the user for potential threats ,and if any threat found by the system in the file it should automatically disable / stop file upload .

Link to comment
Share on other sites

Guest sujon_kumar_dey

the attached files may be Malicious 😁

Thanks for your information, But any freelancer already suffer for this? any information?

Link to comment
Share on other sites

While I love to tell what is wrong with fiverr, this time I have to say, they do a fairly good job on fake accounts spreading malware or have any other type of harmful contact with buyers. They get disabled pretty fast.

Also, some commons sense is needed from sellers. If someone writes you a short message, and attaches a file, just push back, no real client looks like that.

Link to comment
Share on other sites

This has been happening last time I got a files but soon that person’s account was banned. I am really afraid now like people keep sending drive links they are know but when you have work with documents it becomes hard to trust on things.

true brother …

Link to comment
Share on other sites

For people like me who deal with docx files regularly (scripts, briefs, etc) you can still remain safe if you:

A) never open the file via your browser’s download tab.
B) only open files via “protected mode” while using MS Office.

Scanning all files with an antivirus program is of course mandatory.

And take some time to evaluate who contacts you and how they are communicating with you.

There are plenty of red flags when someone is trying to attack you, and they usually stop trying when you ask them politely to send a brief synopsis via the chat tool.

Link to comment
Share on other sites

Well, there are few things in case paranoia hits you.

  • After download the attachment scan it with VirusTotal, also an Antivirus is mandatory & BitDefender is the best in this branch.

  • You can upload the document (pdf & doc) on Google Docs and that way you won’t open it on your local machine.

  • Use Sandboxie or a virtual machine (Linux)

  • Make sure your Firewall is always up

  • Don’t enable macros on MS Office. It happen to me twice, behind was a little script that wanted to download some exe file. Fortunately, my BitDefender Firewall did a great job by blocking the connection.

  • And lastly, if you realize you got hacked or open a virus, immediately disconnect form your internet and reinstall your OS.

if you realize you got hacked or open a virus, immediately disconnect form your internet and reinstall your OS.

I’ve had viruses and never had to do that. I assume everyone has a antivirus program so it will catch it and quarentine it.

The most annoying things I’ve had and what is not uncommon is browser hijack ransomware.

It had a big message to call an 800 number and pay about $50.

I spent 3 days one time trying to get rid of that on a computer. I rolled back the entire OS to when it was new to get rid of it.

After SONY PICTURES had all their computers hijacked in this way by the hacking specialists working for a certain government they actually had to pay the hackers a lot of money to get use of their computers again.

Link to comment
Share on other sites

Guest lucypinky

Valquiriaagot put an unsafe link in the buyers request. I’m here from 1 month and it happens already two times. The fist one one calling morning and I don’t remember the end send me a message with an unsafe link telling me he wanted the page translated. Bye.

Link to comment
Share on other sites

Well, there are few things in case paranoia hits you.

  • After download the attachment scan it with VirusTotal, also an Antivirus is mandatory & BitDefender is the best in this branch.

  • You can upload the document (pdf & doc) on Google Docs and that way you won’t open it on your local machine.

  • Use Sandboxie or a virtual machine (Linux)

  • Make sure your Firewall is always up

  • Don’t enable macros on MS Office. It happen to me twice, behind was a little script that wanted to download some exe file. Fortunately, my BitDefender Firewall did a great job by blocking the connection.

  • And lastly, if you realize you got hacked or open a virus, immediately disconnect form your internet and reinstall your OS.

Thanks for such useful advice.

Link to comment
Share on other sites

Fiverr should at least scan attachments for viruses/malware.

Fiverr should at least scan attachments for viruses/malware.

They do it I guess because many messages when received go to spam or show a message that it might be harmful and the account doesn’t also withstand for long but some become victims up to Fiverr bans such account.

Link to comment
Share on other sites

For people like me who deal with docx files regularly (scripts, briefs, etc) you can still remain safe if you:

A) never open the file via your browser’s download tab.

B) only open files via “protected mode” while using MS Office.

Scanning all files with an antivirus program is of course mandatory.

And take some time to evaluate who contacts you and how they are communicating with you.

There are plenty of red flags when someone is trying to attack you, and they usually stop trying when you ask them politely to send a brief synopsis via the chat tool.

For people like me who deal with docx files regularly (scripts, briefs, etc) you can still remain safe if you:

Yup! I do everything you’ve mentioned. 🙂

There are plenty of red flags when someone is trying to attack you, and they usually stop trying when you ask them politely to send a brief synopsis via the chat tool.

I get these slicksters once in a blue moon, I just roll my pretty eyes. :roll_eyes:

Teamviewer is another old dirty trick that people should avoid at all cost.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...