In a new multi-stage malware campaign, Google Forms job lures deliver PureHVNC.

Attackers have found a new way to spread malware by using Google Forms, which is one of the most trusted tools people use every day This article explores malware using google. . A new campaign is using fake job interviews, project briefs, and financial documents as business-themed lures to send a Remote Access Trojan (RAT) called PureHVNC to victim computers.

The malware itself isn't what makes this campaign stand out; it's the strange way the attackers chose to start the infection. Find out about more VPN services. Response to a cyberattack Protection against identity theft The campaign starts with a convincing Google Form that looks like a real hiring or business process. These forms ask for professional information like your work history and background, which makes them seem more real.

Check official company websites and people you know to make sure that job offers or project requests that come out of the blue are real. Don't click on links that are hidden behind URL shorteners until you know where they go. Security teams should keep an eye out for strange DLL loads, encoded PowerShell task creation, and process injection into SearchUI.exe.

Keep endpoint defenses up to date so they can find Python processes that are running unexpectedly from inside ProgramData directories. For more instant updates, follow ZeroOwl on LinkedIn and X.