Security News > 2021 > April > Hackers Targeting professionals With 'more_eggs' Malware via LinkedIn Job Offers
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "More eggs."
To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims' job titles taken from their LinkedIn profiles.
If the LinkedIn member's job is listed as Senior Account Executive-International Freight the malicious zip file would be titled Senior Account Executive-International Freight position," cybersecurity firm eSentire's Threat Response Unit said in an analysis.
"Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more eggs."
Campaigns delivering more eggs using the same modus operandi have been spotted at least since 2018, with the backdoor attributed to a malware-as-a-service provider called Golden Chickens.
Once installed, more eggs maintains a stealthy profile by hijacking legitimate Windows processes while presenting the decoy "Employment application" document to distract targets from ongoing background tasks triggered by the malware.
News URL
Related news
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers deploy AI-written malware in targeted attacks (source)
- N. Korean Hackers Deploy New KLogEXE and FPSpy Malware in Targeted Attacks (source)
- FIN7 hackers launch deepfake nude “generator” sites to spread malware (source)
- N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)