Money launderers and account thieves have been using money mules for years to help clean up their cash and make it difficult for authorities to trace and a common method for recruitment in the past was job sites. Now though, security teams at those firms are beginning to crack down on the practice, leading to the launderers now using malware to send you somewhere their protective measures can't help.
If there's one group of people that criminals love to exploit, it's the vulnerable, as by their very nature, they're easily suggestible, perhaps desperate – making them easy targets for scams. One group of people that can often be in a vulnerable position, are those looking for jobs. There's a fair percentage that are simply seeing what's out there, but a lot of people doing so may have lost their position and need work soon, or are looking to leave wherever they work at the time as quickly as possible. This makes them much more susceptible to phony job offers for “financial managers” or in reality, money mules.
But how to get you to see the advert without the job seeker site staff shutting it down? Redirect you to a site of their own of course.
This is where the Zeus trojan comes in. According to a report by Trusteer, a new configuration of the Zeus malware uses a Man-in-the-Broswer attack to redirect a job seeker to a phony job search site. Every time from then on a person attempts to visit their chosen job search site, it sends them over to the malware deployer's fake one.
When you reach “Marketandtarget.com,” you're greeted by poorly written job adverts, promising good pay for simple stay at home jobs and in some instances mystery shoppers. As Trusteer points out, “Because this redirection occurs when the victim is actively pursuing a job, in this case with CareerBuilder [dot] com, the victim is more likely to believe the redirection is to a legitimate job opportunity.”
KitGuru Says: Keep this in mind if you're actively looking for a job. If it sounds too good to be true, it probably is and be aware of any job sites or adverts that seem like they're not written by a native English speaker – that can be a dead giveaway.