Wednesday, April 17, 2024

Phishing campaign pushes malware by impersonating a global recruitment firm

An ongoing phishing campaign is pushing the Ursnif data-stealing malware by posing as a Michael Page consultant. This malware is capable of harvesting credentials and sensitive data from the target system.

Michael Page is a renowned, leading employment agency that focuses on recruiting professionals for permanent, contract, temporary or interim positions.

“We are continuing to experience a global phishing campaign where our employees are being impersonated,” Michael Page UK said.

“We are confident that no PageGroup system has been compromised,” the parent company added. It said that the attackers have not compromised the recruitment company’s servers but are spamming customers’ mail, sending the malware to random targets.

“These phishing emails are being generated from publicly available information not linked to our business and are being then sent on to random email recipients,” PageGroup revealed.

PageGroup asks anyone who receives a suspicious email from Michael Page not to respond or click on any embedded link.

Victims are baited with executive positions

The attackers lure targets by posing as a Michael Page headhunter and offering them executive positions. These emails contain embedded links that lead to pages featuring GeoIP and anti-bot checks. Victims are then directed to download a file that contains a malicious Excel sheet featuring DocuSign branding. The victim is asked to enable editing to decrypt and open the document.

Once the victim does so, a decoy document showing information about a fake position is opened, while the Ursnif malware payload is downloaded in the background and installed on the computer. Ursnif is an information-stealing malware. Once installed, it collects data such as the sites the victim visits and the clipboard content. This information is collected in log files and transmitted back to its operator. The operator may steal login credentials and other sensitive data to compromise the system even further.


