Learn about Warmcookie: Malware that targets people looking for work


Malware distributors are ruthless. They often target the most vulnerable people to ensure their payload causes maximum damage. From attacking hospital computer infrastructure to scamming people who have lost pets, they know how to prey on their victims' weaknesses.

Unfortunately, those desperate for a new job are no exception, as malware developers have found ways to take advantage of these stressful times to spread their products.

What is Warmcookie malware?

Warmcookie finds its way onto a PC after the victim's machine is infected by a malicious application. The application downloads the Warmcookie DLL and creates a process in Windows that runs every 10 minutes. Once on someone's PC, it sends information back to its server.

As spyware goes, Warmcookie itself is fairly standard. What makes it especially dangerous is the way it gets onto victims' computers in the first place.
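As a defender's check for the recurring execution described above, this added example (not from the original article or from Elastic) scans an exported Windows task definition for a 10-minute repetition whose action references a DLL. It assumes the recurrence is implemented as a scheduled task, which the article does not state; the sample XML, the file path and the function names are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Namespace used by Windows Task Scheduler XML exports.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")

# Constructed samples: one task matching the pattern, one benign updater.
SAMPLE_SUSPECT = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT10M</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>rundll32.exe</Command>
    <Arguments>"C:\ProgramData\example\sample.dll",Start</Arguments></Exec></Actions>
</Task>"""
SAMPLE_BENIGN = r"""<Task xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><TimeTrigger><Repetition><Interval>PT1H</Interval></Repetition></TimeTrigger></Triggers>
  <Actions><Exec><Command>C:\Program Files\Example\updater.exe</Command></Exec></Actions>
</Task>"""

def duration_seconds(text):
    """Convert an ISO 8601 duration such as PT10M or PT600S to seconds."""
    m = DURATION.match((text or "").strip())
    if not m:
        return None
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds

def suspicious_actions(task_xml, interval=600):
    """Return (command, arguments) pairs when the task repeats every
    `interval` seconds and one of its actions references a DLL."""
    root = ET.fromstring(task_xml)
    path = "t:Triggers/*/t:Repetition/t:Interval"
    intervals = [duration_seconds(e.text) for e in root.iterfind(path, NS)]
    if interval not in intervals:
        return []
    hits = []
    for action in root.iterfind("t:Actions/t:Exec", NS):
        cmd = action.findtext("t:Command", "", NS).strip()
        args = action.findtext("t:Arguments", "", NS).strip()
        if ".dll" in f"{cmd} {args}".lower():
            hits.append((cmd, args))
    return hits

if __name__ == "__main__":
    for name, xml in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, suspicious_actions(xml))
```

A match is only a lead for review: legitimate software also schedules short-interval tasks, so check the DLL's path, signer and creation time before acting.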

How does Warmcookie spread to job seekers?


When malware developers want to get a payload onto someone's computer, they often play on that person's emotions. Even the most rational person can lose control when caught up in emotions, and there are personality traits that make some people more susceptible to scams. Once logic is out of the picture, malware distributors can trick people into doing things they never thought they would do.

In this case, the malware developer exploits the emotional rollercoaster of a job search. They prey on potential job seekers by giving them fake job offers. The rush of excitement and stress interferes with the target's judgment and causes them to click on whatever the malware distributor wants.

According to a report by security research firm Elastic, Warmcookie is spread through emails informing victims that they have just been offered a job. In some cases, a malware distributor may collect the target's name and job title to make the email appear authentic. The email states that all the victim has to do is fill out a CAPTCHA to prove they are human, and then they can receive the job offer.

After the job seeker enters the CAPTCHA, the client will download a JavaScript file containing Warmcookie. From there, the malware can become active.

What does Warmcookie do after infecting a computer?

Picture 2

As spyware, Warmcookie can track what is on the victim's computer and send it back to the malware distributor. Some of Warmcookie's scarier capabilities involve taking screenshots of the desktop using Windows' built-in tools and sending the images to the attacker. Elastic did some testing with a control machine and discovered it was sending images to an external server; the image above is one of these screenshots.

It can also collect information about the computer it is on by running Windows commands in the background and sending the information back to the host server. If required, it can install applications and services on the target computer without the victim's knowledge.

How to spot a fake job ad?


The problem with fake job ads is that they can mimic real postings very well. Sometimes, scammers will send an unsolicited email but use social engineering to make it look like it comes from a reputable source, such as your current boss. Other malware distributors use job boards to post fake ads and trick people into signing up for them.

If you receive an unsolicited email claiming to be from a company you applied to, be cautious. Companies don't usually offer jobs out of the blue, and scam emails may try to panic you into clicking right away, for example with a countdown. If in doubt, ask your manager or human resources department about the email to see if it's authentic.

If you are applying for a job, job boards are a good way to find jobs. However, you need to carefully check the companies you are applying to before sending your resume. Make sure they fit the bill, look professional, and have been in business for a while. You should do this anyway to make sure you're suitable for the job, so it's a good way to check the recruiter's credibility at the same time. See how to identify and avoid recruitment scams for more information.

Malicious job postings can be cruel because they intentionally take advantage of people who are in an emotionally vulnerable state. So, next time you're looking for a job or receive a job offer in your inbox, remember to treat it with caution. It could contain something extremely dangerous!
