A threat group dubbed “Tortoiseshell” is preying on Americans’ support for Veterans with a fake website that offers an “app” to assist in finding a job.
Instead, the app downloads malware. The malware is designed to spread further once installed.
The site spoofs a popular website by the U.S. Chamber of Commerce at https://www.hiringourheroes.org. The malware site uses the address hxxp://hiremilitaryheroes[.]com/. (Do NOT go there!)
First reported by Cisco’s Talos division, the website and its “app” appear to have a goal of getting malware onto active-duty soldiers’ systems. It gathers “a lot” of information about the user’s system.
While Cisco’s Talos report says it can’t say if Tortoiseshell represents a particular rogue nation, Military.com attributes the malware to Iran. It says the goal appears to be getting access to Pentagon systems.
“They’re hoping one of their targets would use a DoD system to download and run the malware,” Military.com said.
As always, we recommend you practice your anti-phishing skills and double-check any Web address. Apps should come from the Apple App Store or Google Play – not from an hXXp site.
Happy Veterans Day and stay safe!