The FBI is warning businesses of an ongoing Bredolab Trojan campaign that targets postings on legitimate job posting websites and has so far netted cybercriminals $150,000.
Cybercriminals responded to online job postings with email messages containing malware laden job applications. The malware allowed the attacker to obtain the online banking credentials of the person who was authorized to conduct financial transactions within the company.
"The malicious actor changed the account settings to allow the sending of wire transfers, one to the Ukraine and two to domestic accounts," the FBI said.
Investigators determined that the malware is a Bredolab variant, connected to the Zeus Trojan, a banking Trojan commonly used to target businesses. Bredolab has been quickly spreading via email messages and drive-by downloads, according to Symantec.
The cybercriminals behind Bredolab use automated attack tools to spread the malware. Social engineering tricks make emails seem legitimate in order to deceive the user. Symantec said it has detected Bredolab variants in Western Union free money spam messages, spoofed UPS Delivery failure notices and fake Facebook password-change messages.
In October, Dutch authorities announced that computer teams took out the Bredolab botnet, seizing and disconnecting more than 100 command-and-control servers. Bredolab is thought by some experts to have infected at least 30 million computers.
Security experts say employees should not trust email attachments from people you do not know. Check attachments with an antvirus scan prior to opening them. The FBI alsorecommends that businesses use separate computer systems to conduct financial transactions.