Hackers create fake veteran-hiring website to infect systems with malware

Image: Fake veteran hiring website (source: blog.talosintelligence.com)

A website that claimed to help US military veterans find jobs turned out to be a trap to infect users' computers with malware, said a security intelligence and research group.

The website, called hiremilitaryheroes.com, asked users to download fake apps and use malicious spying tools, infecting their systems with malware.

Cisco Talos said in a blog post that the system information recovered by the attacker includes hardware, number of processors, network configuration, firmware versions, patch level, domain controller, screen size and admin name.

Cisco, the industry-leading threat intelligence group, said, "This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks."

The post added that the website "is only composed of three links to download a desktop app for free. The app is a fake installer. Contrary to standard malware installers, this one does not need to be silent, as the user expects an installation."

They also mentioned that people in the US are quick to give back and support the veteran population and "this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans."

Cisco and Symantec stated that the threat actor in this entire episode is Tortoiseshell, which is also believed to be behind an IT provider attack launched against Saudi Arabia recently.

However, it is yet to be revealed whether the fake website is still up and running and whether anyone was harmed by it.