Fake Job Offers Spread PureHVNC Malware in Phishing Scam

Cybercriminals last year leveraged fake job offers from well-known fashion and beauty brands—including Bershka, John Hardy, Fragrance Du Bois, and Dear Klairs—to distribute the PureHVNC remote access trojan, according to a report from GBHackers News. The phishing campaign used these fraudulent employment lures as part of a multi-stage strategy to gain unauthorized access to victims’ systems.

PureHVNC, a remote access trojan (RAT), enables attackers to control infected machines stealthily, often bypassing security tools. Victims were enticed through seemingly legitimate job postings linked to the aforementioned companies, which served as the initial vector for delivering the malware. Once engaged, the campaign proceeded through several stages to install the RAT covertly.

The incident highlights the continued use of social engineering tactics in phishing operations, particularly those exploiting job-seeking behavior. The use of brand names from the fashion and beauty sectors suggests a targeted approach aimed at increasing credibility and victim engagement in the attack chain.