According to researchers, hackers are spear phishing with a malicious zip file using the job position listed on the target’s LinkedIn profile.
(Subscribe to our Today’s Cache newsletter for a quick snapshot of top 5 tech stories. Click here to subscribe for free.)
A hacking group is spear phishing business professionals on LinkedIn with fake job offers to get remote control over the victim’s computer, according to researchers at eSentire.
Spear phishing is an email or electronics communications scam in which a victim receives an email that leads them to a fake website infected with malware. The aim of the attack is to steal data or install malware on victims’ device.
According to researchers, hackers are spear phishing with a malicious zip file using the job position listed on the target’s LinkedIn profile. For instance, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight, the malicious zip file would be titled Senior Account Executive—International Freight position.
Once a users open the fake job offer, they initiate the installation of file-less backdoor, titled ‘more_eggs’. Once loaded, the backdoor trojan can download additional malicious plugins and provide hands-on access to the victim’s computer.
Besides, it can infect the system with any type of malware including ransomware, credential stealers, banking malware, or simply use the backdoor as a foothold into the victim’s network so as to exfiltrate data.
More_eggs possess a significant threat to business as it uses normal Windows processes to run, meaning it is not going to typically be picked up by anti-virus and automated security solutions.
Cybercriminals are taking advantage of the rising unemployment rates since the COVID pandemic. Luring job seekers is more enticing in these times.
