Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code onto corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.
That's right, threat actors are exploiting one of the most routine parts of hiring processes to launch crippling cyber attacks. According to the investigation, malicious actors are responding to job listings on LinkedIn and luring recruiters to fake websites purporting to contain candidate resumes. But attempting to download the "resume" launches a malware infection chain instead.
The cybersecurity firm eSentire spotted one of these attacks in May targeting an industrial services company. The threat actor impersonated a job applicant and tricked a hiring manager into visiting their weaponized site, where a malicious Windows shortcut file triggered the silent deployment of the More_eggs malware.
For the uninitiated, More_eggs is a pernicious modular backdoor capable of harvesting sensitive data, delivering additional payloads, and giving threat actors full remote access. It's part of a Malware-as-a-Service operation run by criminal groups like Golden Chickens, providing potent tools to cybercriminal clientele.
These actors are well-versed in social engineering tactics to boost infection rates. Previous More_eggs campaigns have also used bogus job opportunity lures on LinkedIn to trick professionals into downloading the malware. Leveraging people's career aspirations and desire to land their dream job is a deviously effective psychological ploy.
The infection vector gets worse. The malicious resume download sites are designed to switch to displaying harmless HTML code after a period of time, erasing traces of the attack for unwitting victims. Brutal stuff aimed at staying undetected for as long as possible inside the target's network.
This campaign highlights why security awareness training for ALL staff, even non-technical roles like HR, is absolutely crucial to blocking phishing and social engineering threats. One wrong click could potentially compromise your entire organization.
Hiring managers need to remain hyper-vigilant about vetting job applicants and purported resumes, especially those coming from sketchy websites or email contacts. If something seems off, stop and get that resume file properly scanned before downloading it. Corporate security policies and best practices must govern how recruitment teams handle candidate materials.
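Part of that scan can be automated. The Python sketch below is an added example, not code from eSentire or the original report: it flags a downloaded "resume" whose content is a Windows shortcut, whatever the file is named, and also looks inside ZIP archives. The ZIP delivery, the file names and the sample bytes are assumptions constructed for illustration.

```python
import io
import zipfile

# Shell Link header per MS-SHLLINK: HeaderSize 0x0000004C followed by
# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")


def is_windows_shortcut(data: bytes) -> bool:
    """True when the content is a Windows shortcut, whatever the file is named."""
    return data[:len(LNK_MAGIC)] == LNK_MAGIC


def triage_download(name: str, data: bytes, _depth: int = 0) -> list[str]:
    """Return findings for a downloaded 'resume'; an empty list means none."""
    findings = []
    if is_windows_shortcut(data):
        findings.append(f"{name}: content is a Windows shortcut (LNK)")
    elif name.lower().endswith(".lnk"):
        findings.append(f"{name}: .lnk extension")
    # Archives (DOCX is a ZIP too) are opened and each member is checked.
    if _depth < 2 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                label = f"{name}!{member.filename}"
                if member.flag_bits & 0x1:  # encrypted: content cannot be read
                    findings.append(f"{label}: encrypted member, not inspected")
                elif not member.is_dir() and member.file_size <= 20_000_000:
                    findings += triage_download(
                        label, archive.read(member), _depth + 1)
    return findings


def _sample_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed in-memory ZIP for the demonstration below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for member_name, content in members.items():
            archive.writestr(member_name, content)
    return buf.getvalue()


# Constructed samples: a harmless PDF stub and a bare LNK header (no payload).
PDF_STUB = b"%PDF-1.7\n%%EOF\n"
LNK_STUB = LNK_MAGIC + bytes(56)  # pads the header to its 76-byte size

if __name__ == "__main__":
    disguised = _sample_zip({"John_Doe_Resume.pdf.lnk": LNK_STUB})
    for finding in triage_download("resume.zip", disguised):
        print(finding)
```

An empty result only means no shortcut was found; it does not replace the malware scan the paragraph above calls for.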
Making sure your staff stays alert to these sneaky tactics could be the difference between safely onboarding great new talent and unknowingly enlisting a malicious code operator onto your payroll. Give your defenses a skills injection - ramp up your organization's security awareness training now to stomp out resume-themed threats.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The Hacker News has the full story.