Hackers Targeting Professionals With 'more_eggs' Malware via LinkedIn Job Offers
April 2021
A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called "more_eggs."
To increase the odds of success, the phishing lures use malicious ZIP archive files named after the victims' job titles, taken from their LinkedIn profiles.
"If the LinkedIn member's job is listed as Senior Account Executive-International Freight the malicious zip file would be titled Senior Account Executive-International Freight position," cybersecurity firm eSentire's Threat Response Unit said in an analysis.
"Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs."
Campaigns delivering more_eggs using the same modus operandi have been spotted since at least 2018, with the backdoor attributed to a malware-as-a-service provider called Golden Chickens.
Once installed, more_eggs maintains a stealthy profile by hijacking legitimate Windows processes while presenting the decoy "Employment application" document to distract targets from ongoing background tasks triggered by the malware.