A website pretending to help find jobs for US military veterans was found to be infecting their computers with malware, Cisco Talos said Tuesday. The website was called hiremilitaryheroes.com, a Talos blog post said, and asked users to download a fake installer app that deployed malware and malicious spying tools.
The system info retrieved by the attacker includes hardware, firmware versions, patch level, number of processors, network configuration, domain controller, screen size and admin name.
“This is a significant amount of information relating to a machine and makes the attacker well-prepared to carry out additional attacks,” Cisco Talos said, adding it has the potential of affecting a lot of people.
“Americans are quick to give back and support the veteran population … this website has a high chance of gaining traction on social media where users could share the link in the hopes of supporting veterans.”
The threat actor is Tortoiseshell, Cisco and Symantec say, which was also found to be behind an IT provider attack in Saudi Arabia.