
Iranian Hacker Website Targets US Veterans with Malware

2019-09-25 by Michelle Dvorak


Fake Military Veteran Hiring Website Targets US Veteran Job Seekers – Infects Computers with Malware

A malicious one-page website is targeting US Veterans who are looking for work. The scam website offers a free desktop app that supposedly helps readers search for jobs online. The website is believed to be the work of the Iranian hacking group Tortoiseshell.

The scam website was discovered by Cisco Talos Group.

The hackers were recently identified by Symantec as Tortoiseshell. Cyber security researchers at Symantec reported on the other hacking activities of this group just last week.

The one-page scam employment site has only three buttons that prompt Veterans to download a zip file which supposedly gives them a free desktop job search app. Rather than helping unsuspecting victims find jobs, it downloads malware to their computers.

[Screenshot: the hiremilitaryheroes scam website]

The malware combines an information stealer with RAT malware.

The malicious website is Hiremilitaryheroes [.] com (do not go there).

The scam employment website has a name close to that of a legitimate service run by the U.S. Chamber of Commerce, https://www.hiringourheroes.org. However, the two websites do not look similar, and the real website has much more functionality. The legitimate site helps soon-to-be Veterans find jobs. Based on the similar URL, the spoof website appears to target that same group of the military population.

The website prompts readers to “Try our desktop app for free:”

The only interactive content on the scam website is the three buttons (pictured). When clicked, they initiate a download of a supposed job search desktop app. The downloaded files supposedly help Veterans find work.

[Screenshot: Veterans malware installer. Credit: Cisco]

The three buttons link to compressed file downloads for Win 10, Win 8.0, and Win 8.1. The link path names imply that each file is for a different version of MS Windows. Hovering over each button reveals a zipped file path with the following file names:

Win 10 button: /apps/win10.zip

Win 8.1 button: /apps/win81.zip

Win 8.0 button: /apps/win80.zip

Windows 8.0 is an old version of Windows released in 2012. It was updated with Windows version 8.1 in 2013. The current version of Windows is 10.

If a button is clicked, the download begins. The installer checks whether Google is reachable. If not, the installation stops. If it is reachable, the installer downloads two binaries from hxxp: // 199[.]187[.]208[.]75/MyWS.asmx/GetUpdate?val=UID:

One of the binary files is a tool used to perform reconnaissance on the system, and the second is the Remote Administrative Tool (RAT Malware).

The hacker can steal information such as the date, time, and computer drivers. The malware also gives the hacker information about the system such as security patches applied, processors, network configuration, hardware, firmware versions, domain controller, and admin name. This information is critical and is more than enough for a hacker to launch further cyber attacks.
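For defenders, the download sequence described above can be hunted in web proxy logs. The following is an added example, not code from Cisco Talos or from the article: it refangs the two indicators printed on this page and flags clients that contacted them, noting whether a Google request from the same client came shortly before. The log layout, the 60-second window, and the assumption that the reachability check appears as an HTTP request to google.com are all illustrative.

```python
import re
from datetime import datetime, timedelta

# Indicators exactly as the article prints them (defanged).
DEFANGED_IOCS = [
    "Hiremilitaryheroes [.] com",
    "hxxp: // 199[.]187[.]208[.]75/MyWS.asmx/GetUpdate?val=UID:",
]

def refang(ioc):
    """Defanged indicator -> (host, path prefix without query), lowercased."""
    s = re.sub(r"\s+", "", ioc).replace("[.]", ".").lower()
    s = re.sub(r"^hxxps?://", "", s)
    host, _, rest = s.partition("/")
    return host, ("/" + rest.split("?")[0] if rest else "")

IOCS = [refang(i) for i in DEFANGED_IOCS]
# Assumed log layout: ISO timestamp, client IP, method, URL.
LINE = re.compile(r"(\S+) (\S+) \S+ https?://([^/\s]+)(/\S*)?")

def hunt(lines, window=timedelta(seconds=60)):
    """Return (client, host, stage, after_google_check) for each indicator hit."""
    last_google, hits = {}, []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts, client, host, path = m.groups()
        when, host, path = datetime.fromisoformat(ts), host.lower(), (path or "/").lower()
        if host in ("google.com", "www.google.com"):
            last_google[client] = when  # assumed form of the reachability check
        for ioc_host, ioc_path in IOCS:
            if host != ioc_host and not host.endswith("." + ioc_host):
                continue
            stage = "second-stage download" if ioc_path and path.startswith(ioc_path) else "site visit"
            seen = last_google.get(client)
            hits.append((client, host, stage, seen is not None and when - seen <= window))
    return hits

# Constructed sample log; indicator hosts are filled in from the refanged values.
SITE, C2 = IOCS[0][0], IOCS[1][0]
SAMPLE_LOG = [
    f"2019-09-24T10:00:00 10.0.0.5 GET http://{SITE}/apps/win10.zip",
    "2019-09-24T10:02:10 10.0.0.5 GET http://www.google.com/",
    f"2019-09-24T10:02:12 10.0.0.5 GET http://{C2}/MyWS.asmx/GetUpdate?val=UID",
    "2019-09-24T10:05:00 10.0.0.9 GET https://www.hiringourheroes.org/",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
```

A hit whose last field is true matches the installer behaviour the article describes: a Google check followed immediately by the fetch from the update path.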

The website is not secured with an SSL certificate. There is one third-party tracking cookie from mythemestre.com.

What is Malware?

Malware is any kind of undesirable software or app on a laptop, tablet, smartphone, router, or other electronic device. Malware comes in many forms including ransomware, computer viruses, worms, adware, RAT malware, info stealers, and others. Often the goal of malware is to extract money from the device owner by locking up access and demanding a ransom. This type of malware is called ransomware.

Long-term malware campaigns take a low and slow approach, a tactic seen with organized hacking groups. Malware can be used to steal information from the infected device and work to escalate privileges. It then spreads to other computers, hardware like routers, and entire IT networks if it goes undetected. Most malware campaigns begin with email phishing attacks.

What is RAT Malware?

RAT malware is a type of malware that helps hackers increase their level of access on an infected device. For example, hackers attempt to gain admin access and root user privileges in order to access more files and sensitive information. Admin privileges let hackers control a computer, alter files and permissions, and launch further cyber attacks. Admin privileges also help hackers spread malware to other machines and infect entire networks.

Filed Under: Malware Tagged With: Government, Iran

About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

