Alow, Alow! Attacks are becoming increasingly sophisticated and advanced.
In June alone, I received about six fake job offers. All of them were different but had one similarity: at some point, the advertiser asked me to look at some code and do something with it.
In the first case, I agreed to install and test the proposed code because the context presented seemed very real. However, I created a configuration with Docker Compose to run the project in a container with restricted access to my machine and used a browser with test settings, including a test crypto wallet. As a result, the attacker did not gain access to any real data or passwords. After reporting an error in part of the application, the attacker asked me to run the application on my machine without Docker. This was when I realized it could be an attack. I made an excuse and left the situation without any real losses.
To be honest, I only avoided problems due to luck or my habit of taking precautions with third-party programs. A few years ago, I fell victim to a bank card and phone line cloning scam. The bank refunded the amount, but it was a good learning experience. Since then, I've been more careful.
After that, I received several different contacts with variations of this attack. The stories, profiles, and contacts varied. Some profiles were new, but others seemed real and old, belonging to real people who had been hacked. The offered amounts varied greatly and could be realistic for the service, low, or very high, but always within a "possible" range for a real job.
What caught my attention was a profile of a U.S. politician that seemed real. The attacker likely stole the account and was using it to carry out the attacks.
What seems to indicate a real attack is that all the provided repositories had a simple application with little logic, a well-written README.md or at least a description of the fake project, and 1 or 2 contributors. Typically, these contributors are private users or accounts without any data on the platform.
So, if you see someone asking you to test an unknown repo, be careful. If you really want to take the risk, you can run the project in a container and use an alternative browser without your personal data.
How Does This Attack Work?
The attacker's goal is to convince the victim to run malicious code, which can be hidden in the program itself (a React app, for example) or in one of its dependencies.
In the case of a job offer scam:
- The attacker offers a job through a message, a posted job, or freelancing platforms.
- They try to gain the victim's trust, talking about the project or telling a story. At this point, the attacker can pretend to be anyone, from experts in the field to laypersons.
- To pass the application process, the developer needs to download a project that may be in a code repository like GitHub (more common) or receive the code as a compressed file (less common).
- When the victim runs the project, the hidden code scans the computer for passwords, keys, and security codes and sends them to the attacker.
- With access, the attacker steals all the victim's resources, accesses their accounts, and tries to exploit them in various ways.
Safety Instructions to Prevent and Protect Against This Type of Attack
- Use Isolated Environments: Always run unknown code in containers or virtual machines to prevent malicious code from accessing your real data.
- Verify Reputation: Before accepting any job, check the advertiser's reputation and the profile's age. Newly created profiles or those with little information may be suspicious.
- Use Test Browsers: Use browsers specifically configured for testing, without personal data or saved passwords.
- Do Not Share Sensitive Information: Never share passwords, private keys, or any other sensitive data with strangers.
- Keep Software Updated: Keep your operating system, browser, and other software updated to protect against known vulnerabilities.
- Education and Awareness: Stay updated on new forms of attacks and share security information with your network.
- Be Wary of Offers That Are Too Good to Be True: If the offer seems too good to be true, it might be a scam. Evaluate it carefully.
- Enable Two-Factor Authentication: Enable two-factor authentication (2FA) on all your accounts for an extra layer of security.
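To make the "Use Isolated Environments" item concrete, here is a hardened Docker Compose file for running an untrusted Node/React project. It is an added example, not the configuration used in the story above; the service name, image tag, port, and the `./untrusted-repo` path are assumptions.

```yaml
# docker-compose.yml (constructed example; names, image, port and paths are assumptions)
services:
  untrusted-app:
    image: node:20-slim
    working_dir: /app
    # Run as the image's unprivileged "node" user, never as root.
    user: node
    command: sh -c "npm ci && npm start"
    volumes:
      # Mount ONLY the cloned project. Never mount your home directory,
      # ~/.ssh, browser profiles, cloud credentials or the Docker socket.
      - ./untrusted-repo:/app
    ports:
      # Publish on loopback only, so the dev server is not exposed to the LAN.
      - "127.0.0.1:3000:3000"
    # Drop every Linux capability and block setuid-based privilege escalation.
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    # Read-only root filesystem; scratch space lives in memory only.
    read_only: true
    tmpfs:
      - /tmp
      - /home/node
    # Resource ceilings so a miner or fork bomb cannot starve the host.
    mem_limit: 1g
    pids_limit: 256
    environment:
      # Compose passes nothing from your shell unless you list it here.
      # Put only dummy values in this section, never real tokens or keys.
      - NODE_ENV=development

# Settings that cancel the isolation and should not be added:
#   privileged: true
#   network_mode: host
#   volumes: ["/var/run/docker.sock:/var/run/docker.sock"]
#
# Caveats:
# - The container still has outbound network access (npm needs it), so
#   anything readable inside it can be sent out. Keep secrets out of it.
# - The bind mount is writable. Treat ./untrusted-repo as tainted afterwards:
#   files such as .git/hooks or editor task configs may have been modified,
#   so do not run git commands or open it in an auto-running IDE on the host.
```

A request to run the same project outside this setup, as happened in the story above, is the point at which to stop.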
By following these practices, you can minimize the risks of falling victim to scams and cyber attacks. Stay vigilant and protect your data!