Extract from a press article:
Recently, security researchers at MalwareHunterTeam have discovered a new piece of malware that has been targeting unsuspected freelancers on Fiverr and Freelancer which means that millions of unsuspected users are currently at risk.

According to analysis shared by MalwareHunterTeam on their Twitter account, attackers are sending malicious attachments “My details.doc,” to freelancers disguising as clients claiming to offer a new job and to view the job requirements, a freelancer is required to click on the malicious documents.

For more information, please read those articles:

the attached files may be Malicious

Fiverr should at least scan attachments for viruses/malware.

I got hit by this last week. I had posted an article on the day I got it. It’s funny because normally I get an email when CS had closed a complaint. Never got one for this. Must have taken it seriously.

I don’t do anything that requires my getting a .doc file and yet sometimes get them where someone insists I read one. Usually it’s a .docx.

The last time the person was very insistent that I read it, and finally said JUST OPEN IT!

And if you are a Fiverr user, you have to read Hacked to get the heads up? What about sellers who would usually enable macros to edit documents for clients? Fiverr could at least send out their own warning email.

If someone sends me a document with a very general message, it’s a huge red flag. I always ask them to send me the details in Fiverr’s chat. They never do.

I do that too, and you’re right, they go away when you say that. It’s just that file they want you to open so badly.

I’ve gotten the exact message that article mentioned at least twice lately.

Well, there are few things in case paranoia hits you.

• After download the attachment scan it with VirusTotal, also an Antivirus is mandatory & BitDefender is the best in this branch.

• You can upload the document (pdf & doc) on Google Docs and that way you won’t open it on your local machine.

• Use Sandboxie or a virtual machine (Linux)

• Make sure your Firewall is always up

• Don’t enable macros on MS Office. It happen to me twice, behind was a little script that wanted to download some exe file. Fortunately, my BitDefender Firewall did a great job by blocking the connection.

• And lastly, if you realize you got hacked or open a virus, immediately disconnect form your internet and reinstall your OS.

Thank you for aware us about this malware. It will be very helpful for all sellers on this marketplace.

I think Fiverr should take care of this , they should implement built in virus and malware scan in their system to automatically scan the file uploaded by the user for potential threats ,and if any threat found by the system in the file it should automatically disable / stop file upload .

I’ve got an antivirus program that will check on my downloaded documents before allowing me to open it. It actually gives me the message that this file is safe to open. I absolutely love my iObit antivirus+ program.

Thanks for your information, But any freelancer already suffer for this? any information?

While I love to tell what is wrong with fiverr, this time I have to say, they do a fairly good job on fake accounts spreading malware or have any other type of harmful contact with buyers. They get disabled pretty fast.

Also, some commons sense is needed from sellers. If someone writes you a short message, and attaches a file, just push back, no real client looks like that.

This has been happening last time I got a files but soon that person’s account was banned. I am really afraid now like people keep sending drive links they are know but when you have work with documents it becomes hard to trust on things.

i am also scared of opening buers attachments

true brother …

For people like me who deal with docx files regularly (scripts, briefs, etc) you can still remain safe if you:

A) never open the file via your browser’s download tab.
B) only open files via “protected mode” while using MS Office.

Scanning all files with an antivirus program is of course mandatory.

And take some time to evaluate who contacts you and how they are communicating with you.

There are plenty of red flags when someone is trying to attack you, and they usually stop trying when you ask them politely to send a brief synopsis via the chat tool.

I’ve had viruses and never had to do that. I assume everyone has a antivirus program so it will catch it and quarentine it.

The most annoying things I’ve had and what is not uncommon is browser hijack ransomware.

It had a big message to call an 800 number and pay about $50.

I spent 3 days one time trying to get rid of that on a computer. I rolled back the entire OS to when it was new to get rid of it.

After SONY PICTURES had all their computers hijacked in this way by the hacking specialists working for a certain government they actually had to pay the hackers a lot of money to get use of their computers again.