# Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers
A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers.
"This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting job seekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement.
The Canadian cyber security company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a U.S.-based aerospace company, an accounting business located in the U.K., a law firm, and a staffing agency, both based out of Canada.
The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing valuable information and conducting lateral movement across the compromised network.
"More_eggs achieves execution by transferring malicious code to legitimate Windows processes and letting those Windows processes do the work," Keplinger said. The goal is to use the resume as bait to launch the malware and evade detection. Aside from the role reversal in the tactic, it is unclear what the attacker intended, given that the intrusion was stopped before the attacker completed the plan. However, once deployed, more_eggs can act as a launch pad for further attacks such as information theft and ransomware.
"Threat actors behind more_eggs use a scalable spear-phishing approach armed with expected communication, such as recruitment manager expectations and resumes that match jobs, and are promising to match current or previous positions. We will target good candidates," says Keplinger.