Hackers Targeting Professionals With ‘more_eggs’ Malware via LinkedIn Job Offers

A new spear-phishing campaign is targeting professionals on
LinkedIn with weaponized job offers in an attempt to infect targets
with a sophisticated backdoor trojan called “more_eggs.”

To increase the odds of success, the phishing lures take
advantage of malicious ZIP archive files that have the same name as
that of the victims’ job titles taken from their LinkedIn
profiles.

“For example, if the LinkedIn member’s job is listed as Senior
Account Executive—International Freight the malicious zip file
would be titled Senior Account Executive—International Freight
position (note the ‘position’ added to the end),” cybersecurity
firm eSentire’s Threat Response Unit (TRU) said[1]
in an analysis. “Upon opening the fake job offer, the victim
unwittingly initiates the stealthy installation of the fileless
backdoor, more_eggs.”
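
A mail-triage check for the naming pattern described above, as an added example that is not from eSentire's analysis or the original article: it flags a ZIP attachment whose name is the recipient's job title followed by "position", tolerating differences in case, dashes and underscores. The directory lookup, function names and sample records are assumptions constructed for illustration.

```python
import re
import unicodedata
from pathlib import PurePath

ARCHIVE_EXTS = {".zip"}  # the article only mentions ZIP archives


def normalize(text: str) -> str:
    """Case-fold and turn every run of punctuation, dashes or underscores into one space."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return re.sub(r"[\W_]+", " ", text).strip()


def is_job_title_lure(filename: str, job_title: str) -> bool:
    """True if a ZIP attachment is named '<recipient's job title> position'."""
    path = PurePath(filename)
    if path.suffix.lower() not in ARCHIVE_EXTS:
        return False
    title = normalize(job_title)
    # Unknown recipient (empty title): nothing to compare against.
    return bool(title) and normalize(path.stem) == f"{title} position"


def flag_messages(messages, directory):
    """Return (recipient, attachment) pairs matching the lure pattern.

    `directory` maps recipient address -> job title (hypothetical HR export).
    """
    return [
        (rcpt, name)
        for rcpt, name in messages
        if is_job_title_lure(name, directory.get(rcpt, ""))
    ]


# Constructed sample data, not taken from any real campaign.
DIRECTORY = {"a.lee@example.com": "Senior Account Executive—International Freight"}
MESSAGES = [
    ("a.lee@example.com", "Senior Account Executive—International Freight position.zip"),
    ("a.lee@example.com", "senior_account_executive-international_freight_position.ZIP"),
    ("a.lee@example.com", "Q3 freight invoices.zip"),
    ("a.lee@example.com", "Senior Account Executive—International Freight position.pdf"),
]

if __name__ == "__main__":
    for rcpt, name in flag_messages(MESSAGES, DIRECTORY):
        print(f"review: {rcpt} received {name!r}")
```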

Campaigns delivering more_eggs using the same modus operandi[2]
have been spotted at least since 2018, with the backdoor attributed
to a malware-as-a-service (MaaS) provider called Golden Chickens[3]. The adversaries behind
this new wave of attacks remain unknown as yet, although more_eggs[4]
has been put to use by various cybercrime groups such as Cobalt,
FIN6, and EvilNum in the past.

Once installed, more_eggs maintains a stealthy profile by
hijacking legitimate Windows processes while presenting the decoy
“employment application” document to distract targets from ongoing
background tasks triggered by the malware. Furthermore, it can act
as a conduit to retrieve additional payloads from an
attacker-controlled server, such as banking trojans, ransomware,
and credential stealers, and attackers can even use the backdoor as
a foothold in the victim’s network to exfiltrate data.

If anything, the latest development is yet another indication of
how threat actors are constantly tweaking their attacks with
personalized lures in an attempt to trick unsuspecting users into
downloading malware.

“Since the COVID pandemic, unemployment rates have risen
dramatically. It is a perfect time to take advantage of job seekers
who are desperate to find employment,” the researchers said. “Thus,
a customized job lure is even more enticing during these troubled
times.”

References

  1. said (www.esentire.com)
  2. same modus operandi (www.proofpoint.com)
  3. Golden Chickens (quointelligence.eu)
  4. more_eggs (malpedia.caad.fkie.fraunhofer.de)