Laughing All the Way to the Malware Bank: How Vietnamese Hackers Turn Job Seekers into Unwitting Movie Stars

Hackers targeting social media managers have cast a new blockbuster, baiting job seekers with fake offers, then serving a malware main course. The plot twist? It’s your social media accounts and credit cards they’re after, using them to fund and launch their own malicious ad campaigns. In this cybercrime cinema, you definitely don’t want a starring role!

Hot Take:

Wanted: Social Media Managers. Must have a keen eye for detail, excellent communication skills, and a high tolerance for being targeted by Vietnamese hackers. It seems like “job seekers beware” is the new mantra in the digital space. Our friendly neighborhood hackers are baiting unsuspecting social media enthusiasts with tantalizing job offers. The catch? A chance to star in their personal malware sequel, featuring the blockbuster hits – RedLine Infostealer and DarkGate. Talk about an explosive career move!

Key Points:

  • Hackers, suspected to be from Vietnam, are targeting social media managers in the US, UK, and India with malware to gain access to Facebook business accounts.
  • The hackers impersonate the American company Corsair on LinkedIn and advertise a fake job for a social media management position.
  • The job advertisement is a ploy to distribute documents containing a VBS script that delivers the RedLine Infostealer or DarkGate malware.
  • The criminals gain access to the victims’ social media accounts and linked credit cards, enabling them to launch and pay for malicious ads.
  • Such fake job offers are not a new trend, with the notorious North Korean Lazarus Group previously using similar tactics to target blockchain developers.

Need to know more?

Deja Vu: Lazarus Strikes Again

Remember the Lazarus Group? That North Korean hacker gang with a penchant for creating fake job offers to lure in blockchain developers? Well, it seems they've inspired a new generation of cyber thugs. In a classic 'Art of War' twist, these scammers are mimicking their enemies (or heroes?), using the same bait-and-switch tactic to snare their victims. The plot is simple: pose as a reputable company, advertise a seemingly legitimate job, conduct a few interviews, and then - BAM! - unleash a malware-laden document.

Directing the Malware Movie

The hackers are no novices at directing this malware movie. They cast their victims by impersonating Corsair, a well-known American computer peripherals and hardware company, on LinkedIn. The unsuspecting job seekers are then lured into downloading documents that, unbeknownst to them, contain a VBS script. If executed, this script ushers in the main stars of the show - the RedLine Infostealer or DarkGate.

The Grand Finale: Malicious Ads

Once our hackers have access to the victims’ social media accounts, they are one step closer to their grand finale: launching malicious ads. With access to linked credit cards, these fraudulent ads are easy to fund and can reach up to three billion monthly active users. Talk about a captive audience! And, just to add a little twist, these ads almost always lead to a malicious site or promote malware. The Oscar for Best Director of a Malicious Campaign goes to...