Sinister "More_eggs" Malware Cracks Into Companies by Targeting Hiring Managers

Job seekers, beware - cybercriminals have a nasty new way to slide their malicious code onto corporate networks. Researchers have uncovered a devious phishing campaign that's distributing the powerful More_eggs backdoor by disguising it as resume submissions for open roles.

That's right, threat actors are exploiting one of the most routine parts of hiring processes to launch crippling cyber attacks. According to the investigation, malicious actors are responding to job listings on LinkedIn and luring recruiters to fake websites purporting to contain candidate resumes. But attempting to download the "resume" launches a malware infection chain instead.

The cybersecurity firm eSentire spotted one of these attacks in May targeting an industrial services company. The threat actor impersonated a job applicant and tricked a hiring manager into visiting their weaponized site, where a malicious Windows shortcut file triggered the silent deployment of the More_eggs malware.

For the uninitiated, More_eggs is a pernicious modular backdoor capable of harvesting sensitive data, delivering additional payloads, and giving threat actors full remote access. It's part of a Malware-as-a-Service operation run by criminal groups like Golden Chickens, providing potent tools to cybercriminal clientele.

These actors are well-versed in social engineering tactics to boost infection rates. Previous More_eggs campaigns have also used bogus job opportunity lures on LinkedIn to trick professionals into downloading the malware. Leveraging people's career aspirations and desire to land their dream job is a deviously effective psychological ploy.

The infection vector gets worse. The malicious resume download sites are designed to switch to displaying harmless HTML code after a period of time, erasing traces of the attack for unwitting victims. Brutal stuff aimed at staying undetected for as long as possible inside the target's network.

This campaign highlights why security awareness training for ALL staff, even non-technical roles like HR, is absolutely crucial to blocking phishing and social engineering threats. One wrong click could potentially compromise your entire organization.

Hiring managers need to remain hyper-vigilant about vetting job applicants and purported resumes, especially those coming from sketchy websites or email contacts. If something seems off, stop and get that resume file properly scanned before downloading it. Corporate security policies and best practices must govern how recruitment teams handle candidate materials.

Making sure your staff stays alert to these sneaky tactics could be the difference between safely onboarding great new talent or unknowingly enlisting a malicious code operator onto your payroll. Give your defenses a skills injection - ramp up your organization's security awareness training now to stomp out resume-themed threats.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

The Hacker News has the full story


Topics: Phishing, Malware
