#Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers

-

 image

A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers. 

 "This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting job seekers with fake job offers," eSentire`s research and reporting lead, Keegan Keplinger, said in a statement. 

 The Canadian cyber security company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a U.S.based aerospace company, an accounting business located in the U.K., a law firm, and a staffing agency, both based out of Canada. 

 The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing valuable information and conducting lateral movement across the compromised network. 

 "More_eggs achieves execution by transferring malicious code to legitimate Windows processes and letting those Windows processes do the work," Keplinger said. The goal is to use your resume as a bait to launch  malware and evade detection. Aside from the reversal of the role of the 

 tactic, it is unclear what the attacker intended, given that the intrusion was stopped before the attacker completed the plan. However, keep in mind that  once deployed, more_eggs can act as a launch pad for further attacks such as information theft and ransomware. 

 "Threat actors behind more_eggs use a scalable spearfishing approach armed with expected communication, such as recruitment manager expectations and resumes that match jobs, and are promising to match  current or previous positions. We will target good candidates, "says Keplinger.

Comments

Post a Comment

Popular posts from this blog

Donald Trump back on Twitter. Elon Musk says he's letting Donald Trump back on Twitter

-
Image
Elon Musk has announced that Donald Trump may be returning to Twitter. Musk justified this decision with the results of his personal Twitter poll. The @realDonaldTrump account and his tweets are back in full view just days after Trump confirmed he would run for president again in 2024. Shortly after taking control of the social network, Musk said he would not reopen suspended accounts until the company established and convened a content moderation council with "very diverse perspectives." . Instead, on Friday night, as people plunged into Thanksgiving weekend, he decided to vote for his followers on his Twitter. "Rehire former President Trump," he tweeted, along with a poll with buttons to select "yes" or "no." "Vox Populi, Vox Dei," he added in a follow-up tweet, in Latin, "The voice of the people is the voice of God." A "yes" answer won him by a narrow margin of 52-48. It's not clear how many of them were bots....
Read more

#The biggest password leak ever: nearly 10 billion credentials exposed

-
Image
    Cybersecurity researchers are calling it the largest password compilation leak of all time. On July 4, a newly registered user on a popular hacking forum posted a file containing nearly 10 billion compromised passwords in plaintext. The post was first noticed by researchers at  Cybernews . RockYou2024 leaked password compilation This gigantic list of leaked passwords known as RockYou2024 provides hackers with an important tool that can be utilized in a brute force attack.  A brute force attack is a popular hacking method where the attacker guesses a user's password by trial-and-error. Hackers commonly use automated scripts when carrying out a brute force attack, which enables them to try out a slew of passwords within a short period of time. With a leaked password database this big, hackers have a nearly unlimited pool of passwords to try out.  “In its essence, the RockYou2024 leak is a comp...
Read more

#Dozens of Tesla Cybertrucks vandalized by someone who really doesn't like Elon Musk

-
Image
  Elon Musk may have just won approval for a $56 billion pay package from his adoring supporters, but someone in Fort Lauderdale is clearly not a fan of the controversial CEO. Last week, dozens of Tesla Cybertrucks were defaced with the words “Fuck Elon” in black spray paint, according to  InsideEVs citing local news reports. Police say that 34 stainless steel trucks were tagged with the message, which was discovered on Friday. The Cybertrucks were being stored in the public parking lot, without any fencing or security, likely being held because of a previously reported problem with the windshield wiper. Tesla is also experiencing an inventory pileup as a result of cooling demand for its electric vehicles. Local news reports that the spray paint was easily removed, with a few trucks still showing some black smudges. But thanks to a few social media accounts, we can still exper...
Read more