# Hackers Sneak 'More_Eggs' Malware Into Resumes Sent to Corporate Hiring Managers


A new set of phishing attacks delivering the more_eggs malware has been observed striking corporate hiring managers with bogus resumes as an infection vector, a year after potential candidates looking for work on LinkedIn were lured with weaponized job offers.

"This year the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting job seekers with fake job offers," eSentire's research and reporting lead, Keegan Keplinger, said in a statement.

The Canadian cyber security company said it identified and disrupted four separate security incidents, three of which occurred at the end of March. Targeted entities include a U.S.-based aerospace company, an accounting business located in the U.K., and a law firm and a staffing agency, both based out of Canada.

The malware, suspected to be the handiwork of a threat actor called Golden Chickens (aka Venom Spider), is a stealthy, modular backdoor suite capable of stealing valuable information and conducting lateral movement across the compromised network.

"More_eggs achieves execution by transferring malicious code to legitimate Windows processes and letting those Windows processes do the work," Keplinger said. The goal is to use the resume as bait to launch the malware and evade detection.

Aside from the role reversal in the tactic, it is unclear what the attacker intended, given that the intrusion was stopped before the attacker completed the plan. However, once deployed, more_eggs can act as a launch pad for further attacks such as information theft and ransomware.

"Threat actors behind more_eggs use a scalable spear-phishing approach armed with expected communication, such as recruitment manager expectations and resumes that match jobs, and are promising to match current or previous positions. We will target good candidates," says Keplinger.
