Potential Malicious File send by the Client

jyotirmoyb · ‎04-23-2023

A Client with Zero Spending and 14 Hire send me an offer to run Facebook Ads.

After a few chat, He told me "if you agree i will email all projects to you and you will choose 1 project then we will send you 1 ad account suitable for the project you choose, okay"

So I send my email address and he shared me a WeTransfer link. Where I downloaded the file and Found something strange.

It contains some images and a file. The file size is almost 1 GB. It looks like an MS Word file but it .exe application file. Unfortunately, I clicked on it.

Can you please tell me if it's a malicious file?

JoanneP · ‎05-16-2023

Hi Jyotirmoy,

I can see that you already corresponded with our team about this report. We appreciate that you brought this to our attention so our team can review it further. If you have any other questions or concerns, please let us know.

~ Joanne

efc1c539 · ‎05-30-2023

Hi Upwork, where can I communicate a similar situation?

759e32fa · ‎05-30-2023

Hi Isa,

We’ve escalated your community post to a support ticket. One of our agents will be in touch with you soon to assist.

~ AJ

efc1c539 · ‎05-30-2023

I got the same type of mail. A client with zero spend send me a hire offer to run Facebook ads. Claiming to be a million dollar sales company looking for growth in the UK. She send me an offer without talking or inquiring. When I asked her what the project was for, she said that she didnt have the time to explain or do a video chat but she would send me a file with all the information. She send it to my business email. It was a rar file. I opened it on a website that opens rar files and saw that there was a mp4 file and an exe file. When I asked her about it she said it was for security reasons that they had it in an exe file. It was to protect it against competitors. Now, I have been around for digital marketing for 16+ years and thought this was very fishy. I said I will not open it unless she send me regular files. She offered to open the file for me via some sort of sharing system as she misunderstood what I was saying. This made me even more suspicious. I said that I would not open it unless she would send regular files. She refused and I knew enough. I think Upwork should look into this as now I see your post and see that it has happened more often. About your question, did you open the exe file as well or did you just unwrap the rar or zip file?

jiyoung_seoul · ‎06-07-2023

Hi, I just went through the same experience. I clicked the exe file a couple of times unfortunately. I tried virus check and found nothing yet. Can anyone who went through this let me know what should I do to prevent damage?
btw, I met quite a few numbers of scammers and I must be cautious when accepting tasks.

Thanks.

4064b3a9 · ‎06-14-2023

Unfortunatelly the same happened to me. Feeling very stupid to click on that pseudo word. I ran a filecheck, which gave a positive for the following malware:

Trojan.PSW.Disco.gqn
Trojan.Disco.Win32.8458
Win64:Evo-gen [Trj]

Here is how I reacted:

5min after the click on the exeI disconnected the Internet
I ran a Malwarebytes, Norton Power Eraser, and Microsoft Defender Offline Scan. MWB quarantained 3 files. No malicious files are found anymore
I deleted all temporary files on my computer as well as the browser cache

Question:
Am I safe now or do I have to flatten my computer? Any expert here, who can give advise?

marquolin · ‎05-03-2024

Some customers sent me an exe file with malware. Who should I talk to?

spectralua · ‎05-03-2024

Use "report message" option there.