We hear about sophisticated attacks using ransomware and other viruses, but cybercriminals often use relatively low-tech social engineering methods to do their dirty work as well. Kasperky Lab discussed a rise in attackers targeting freelance workers by posing as a potential client and then tricking them into surrendering control of their mobile devices through legitimate remote access apps. Here's what you need to know.
Kaspersky Lab noticed a scam by cybercriminals that target freelancers seeking work. Criminals would advertise that they're looking for freelancers, usually testers, designers or copyrighters. Once freelancers bite, these cybercriminals would then ask them to install an app that is required for the job, under the guise of testing them on their skills and suitability for the task.
AirDroid, a legitimate app for remote management of mobile devices is used in a majority of these kinds of attacks, according to Kaspersky Lab:
"The link leads to the official Google Play store -- and so even a suspicious freelancer would not see signs of phishing or any other kind of cheating. Once the app is installed, the criminal sends login and password credentials for a test account. It’s not uncommon for clients to share data with freelancers, so everything still looks OK. The victim logs in with the provided credentials, and boom, the criminal has full control over the freelancer’s device. "If that compromised device has a mobile banking app, criminals can transfer money out. They can lock the phone and demand ransom for restoring it to working order. They can also dig into personal messages and photos -- perhaps finding something worthy of blackmail. All in all, that smartphone is a goldmine for the criminal."
So far, this kind of attack has mainly occurred in Russia but the vendor noted that it's not hard for the scam to be used elsewhere.
This is the kind of stuff that give security experts headaches. Because no antivirus software or security solution can save you from yourself if you freely surrender your personal details or follow directions from people you don't even know.
All you can really do is stay vigilant and, if you're a freelancer seeking work, don't get carried away when you see a potential gig; use your head and don't readily trust strangers, even if they're offering you a lucrative job.
[Via Kaspersky Lab blog]