A Tumblr of trouble

Job Application Mail Shows Great Potential (For Installing Something)

What is it? An email claiming to be about a job application will lead the recipients to potentially unwanted installs and / or offers.

Why is it a problem? Emails from unfamiliar sources claiming to be about jobs can (in the worst case situations) often turn the recipient into a money mule, and that isn’t something you want to be getting involved with.

Do we detect it? Yes, we detect the offered installer as PUP.Optional.Bandoo (VirusTotal score: 4/50)

Here, then, is the email in question:

So, about that job...

It reads as follows:

RE: Your Job Application

Thank you for your recent job application. We have reviewed it and have good news for you. We’d like to hire you, plus pay for your to get trained on the job.

If you are still searching for employment, we encourage you to go to our site and fill out some additional information. You’ll find the link below: APPLY TODAY

Regards, Career Services Dept.

If you’re no longer interested, please feel free to Go Here at anytime. Also, If you are not the person who applied, please disregard this email.

Clicking the first link in the mail takes the end-user to an iLivid install:

Where do I send my resume

From this install, we have an ASK Toolbar, iLivid itself and the Torch Browser (along with links to Youtube and Facebook on the desktop):

Post install

I tried clicking the email links while showing myself as being in a number of geographical locations, and all but one took me to an iLivid install. Here’s the one that didn’t:

Congratulations!

No matter what I tried, there was nothing to be seen in terms of this mysterious job application I supposedly sent out. On the bright side, I might win an iPad. So there’s that.

The promise of free gifts aside, stick to reputable job search websites and places where you can cross reference and fact check that what you’re seeing is the real deal – jobs advertised on Linkedin are ideal for that sort of thing. Resist the temptation to respond to messages such as the above, and always be cautious of clicking on links.

You never quite know what you’ll end up with (but it probably won’t be a job).

Christopher Boyd

ABOUT THE AUTHOR

Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.