A phishing campaign is impersonating recruiting firms to target job seekers with a new strain of malware, according to researchers at Elastic Security.
“Since late April 2024, our team has observed new phishing campaigns leveraging lures tied to recruiting firms,” the researchers write.
“These emails targeted individuals by their names and their current employer, enticing victims to pursue new job opportunities by clicking a link to an internal system to view a job description.... Once clicked, the users hit a landing page that looks like a legitimate page specifically targeted for them.
There, they are prompted to download a document by solving a CAPTCHA challenge. The landing pages resemble previous campaigns documented by Google Cloud’s security team when discussing a new variant of URSNIF.”
If the user solves the CAPTCHA, a malicious JavaScript file is downloaded from the page. This file begins the installation process for a strain of malware dubbed “WARMCOOKIE.”
“WARMCOOKIE is a newly discovered backdoor that is gaining popularity and is being used in campaigns targeting users across the globe,” Elastic Security says. “Our team believes this malware represents a formidable threat that provides the capability to access target environments and push additional types of malware down to victims. While there is room for improvement on the malware development side, we believe these minor issues will be addressed over time.”
The researchers note that the threat actors have taken measures to avoid detection by security technologies.
“Before hitting each landing page, the adversary distances itself by using compromised infrastructure to host the initial phishing URL, which redirects the different landing pages,” the researchers write. “The threat actor generates new domains while the reputation catches up with each domain after each campaign run. At the time of writing, the threat actor can be seen pivoting to fresh domains without many reputation hits.”
Elastic Security has the story.