Threat Awareness – Threat Actors Target Recruiters Posing as Job Applicants

Cybersecurity researchers have recently identified a phishing campaign designed to distribute More_eggs malware through malicious resumes in fake job applications. This attack specifically targets recruiters, whereby posing as a job applicant, the threat actor lures the recruiter to a malicious website. More_eggs malware acts as a backdoor and is capable of harvesting sensitive information. It operates under a Malware-as-a-Service (MaaS) model making it available to other less-sophisticated threat actors, expanding its use.

According to reporting, the latest attack chain entails the malicious actors responding to LinkedIn job postings with a link to a fake resume download site that results in the download of a malicious Windows Shortcut file (LNK). It’s also worth noting that previous More_eggs activity has targeted professionals on LinkedIn with weaponized job offers to trick them into downloading the malware.

While this is not a new tactic, this campaign is another example how threat actors use social engineering techniques to target various staff with relevant and expected themes. Members are encouraged to offer job-specific security awareness training about this tactic to human resources and other staff involved in job recruitment. For more information, visit The Hacker News.