{"id":190220,"date":"2022-05-09T11:31:32","date_gmt":"2022-05-09T09:31:32","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=190220"},"modified":"2025-07-01T20:46:38","modified_gmt":"2025-07-02T03:46:38","slug":"malware-targets-job-offers","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/malware-targets-job-offers\/","title":{"rendered":"New types of malware found in job offers!"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">\u00a0At Softonic, we are always trying to keep you informed about all the different types of malware and cyberthreat that are out there. We\u2019ve tracked the development of everything from <a href=\"https:\/\/en.softonic.com\/articles\/ransomware-scams-cities\" target=\"_blank\" rel=\"noreferrer noopener\">ransomware taking cities hostage<\/a> to <a href=\"https:\/\/en.softonic.com\/articles\/iphone-phishing\" target=\"_blank\" rel=\"noreferrer noopener\">phishing attacks targeting iPhone users<\/a>, and created <a href=\"https:\/\/norton-security-premium.en.softonic.com\/articles\/malware-phishing-spyware-viruses\" target=\"_blank\" rel=\"noreferrer noopener\">cybersecurity guides<\/a> to help you stay ahead of the malicious actors. This one, though, is a new one for us. The research team at Malwarebytes Labs have discovered <strong>malware hiding in job offers for NFT-related job posts<\/strong>.<\/p>\n\n\n<div class=\"sc-card-program\">\r\n  <div class=\"sc-card-program__body\">\r\n    <div class=\"sc-card-program__row clearfix\">\r\n      <div class=\"sc-card-program__col-logo\">\r\n        <img decoding=\"async\" class=\"sc-card-program__img\" alt=\"Malwarebytes\" src=\"https:\/\/images.sftcdn.net\/images\/t_app-logo-xl,f_auto\/p\/04cdb438-96d1-11e6-ac69-00163ed833e7\/1339587476\/malwarebytes-anti-malware-icon.png\" width=\"100px\" height=\"100px\">\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-title\">\r\n        <span class=\"sc-card-program__title\">Malwarebytes<\/span>\r\n        <a class=\"sc-card-program__button sc-card-program-internal\" href=\"https:\/\/malwarebytes-anti-malware.en.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\">Download Now<\/a>\r\n      <\/div>\r\n      <div class=\"sc-card-program__col-rating\">\r\n        <svg class=\"rating-score__content\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" version=\"1.1\" x=\"0\" y=\"0\" viewbox=\"0 0 50 50\" enable-background=\"new 0 0 50 50\" xml:space=\"preserve\"><path class=\"rating-score__background rating-score--good\" fill=\"none\" stroke-width=\"6\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><path class=\"rating-score__value rating-score__value--0\" fill=\"none\" stroke-width=\"6\" stroke-dashoffset=\"0\" stroke-miterlimit=\"10\" d=\"M40 40c8.3-8.3 8.3-21.7 0-30s-21.7-8.3-30 0 -8.3 21.7 0 30\"><\/path><text class=\"rating-score__number\" content=\"\" text-anchor=\"middle\" transform=\"matrix(1 0 0 1 25 31.0837)\" data-auto=\"app-user-score\"><\/text><\/svg>\r\n      <\/div>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <span class=\"sc-card-program__description\"><\/span>\r\n    <\/div>\r\n    <div class=\"sc-card-program__row\">\r\n      <img decoding=\"async\" class=\"sc-card-program__bigpic\" src=\"\" onerror=\"this.style.display='none'\">\r\n    <\/div>\r\n    <a class=\"sc-card-program__link track-link sc-card-program-internal\" href=\"https:\/\/malwarebytes-anti-malware.en.softonic.com\/\" target=\"_self\" rel=\"noopener noreferrer\"><\/a>\r\n  <\/div>\r\n<\/div>\n\n\n\n<p class=\"wp-block-paragraph\">In a recent <a href=\"https:\/\/blog.malwarebytes.com\/scams\/2022\/05\/fake-cyberpunk-ape-executives-target-artists-with-malware-laden-job-offer\/\" target=\"_blank\" rel=\"noreferrer noopener\">blog post<\/a>, the cybersecurity specialists reported on a number of posts <strong>published on sites like DeviantArt and Pixiv<\/strong>, related to cyberpunk and ape NFTs. The posts are <strong>targeting artists<\/strong> to offer them jobs producing art that can be turned into NFTs. The messages are signed \u201cCyberpunk Ape Executives\u201d, which is likely trying to capitalise on the success of Yuga Labs\u2019 Crypto Punks and Bored Apes series that have raised hundreds of millions of dollars for the company and subsequent holders of the NFTs. It would be easy to lower your defenses and fall prey to the scam with such riches in the air.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The <strong>scam itself is not too sophisticated<\/strong> and employs tricks we\u2019ve seen before. It is a phishing scam that is trying to <strong>get victims to download malicious files<\/strong> to their devices. The message sent to the prospective artists, reads:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>\u201cHi! We appreciate your artwork! Cyberpunk Ape Executives is inviting 2D-artists (online \/ freelance) to collaborate in creating NFT project. As a 2D-artist you will create amazing and adorable NFT characters. Your characters will become an important part of our NFT universe! Our expectations from the candidate: 1) Experience as a 2D-artist 2) Experience and examples of creating characters 3) Photoshop skills<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Main tasks: 1) Creating characters in our NFT style 2) Interaction with Art Team Lead on task setting, feedback. For further communication check out the examples of our NFT works: [url removed] and send a reply (CV + examples of your works) for this position. Approximate payment per day = $200-$350. We make payments to Paypal, BTC, ETH, LTC.\u201d<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The message comes with a link to a download page, which contains thumbnails of example GIF NFTs. The problem, which you can see in the image above is that <strong>one of the GIFs actually has <em>.exe<\/em> at the end<\/strong> of the file name instead of <em>.gif<\/em>. This means that, although the file name does contain the word gif, as it ends with .exe <strong>the file is an executable file instead of a gif file<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Malwarebytes reports that the file <strong>contains a form of <a href=\"https:\/\/blog.malwarebytes.com\/detections\/spyware-passwordstealer\/\" target=\"_blank\" rel=\"noreferrer noopener\">infostealer<\/a><\/strong>, which the cybersecurity company describes as <strong>Spyware.PasswordStealer.EnigmaProtector<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As always with these types of scams, the lesson is to be ever vigilant when you are online and receive messages from strangers. To be extra safe, make sure you check out these <a href=\"https:\/\/en.softonic.com\/articles\/easy-free-ways-to-be-safe-online\" target=\"_blank\" rel=\"noreferrer noopener\">6 easy and free ways to be safe online<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u00a0At Softonic, we are always trying to keep you informed about all the different types of malware and cyberthreat that are out there. We\u2019ve tracked the development of everything from ransomware taking cities hostage to phishing attacks targeting iPhone users, and created cybersecurity guides to help you stay ahead of the malicious actors. This one, &hellip; <a href=\"https:\/\/cms-articles.softonic.io\/en\/malware-targets-job-offers\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;New types of malware found in job offers!&#8221;<\/span><\/a><\/p>\n","protected":false},"author":9073,"featured_media":190222,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[3440],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-190220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectionmalwarebytes-anti-malware"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/190220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9073"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=190220"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/190220\/revisions"}],"predecessor-version":[{"id":323952,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/190220\/revisions\/323952"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/190222"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=190220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=190220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=190220"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=190220"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=190220"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=190220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}