Cybercriminals are targeting freelancers in a new malware campaign sending malicious macros disguised as job offers.

The MalwareHunterTeam spotted the malicious messages on popular web application sites such as Fiverr and Freelancer.com in documents claiming to be job descriptions that were actually keyloggers such as Agent Tesla and Remote Access Trojans (RATs), according to a Sept. 21 tweet.

https://twitter.com/malwrhunterteam/status/1043108622862041091

In one example, the threat actors sent an email asking the intended victim to check the attached document and then get back to them with a "cost and time frame," while in another example the threat actor sent over a document entitled "My details.doc," which also contained malware.

Researchers said dozens of people have been contacted this way on the platforms and that that this is an otherwise common method to compromise unsuspecting victims. To protect themselves from these threats, users should disable macros and install some sort of real-time threat monitoring solution.

"Fiverr uses the latest anti-fraud and data security measures to protect everyone who relies on our platform against malware and other attacks," a Fiverr spokesperson told SC Media. "Any attempts to publish or send malicious content with the intent to compromise another member’s account or computer environment is strictly prohibited on Fiverr, and we act aggressively against it."