LinkedIn Users Targeted by Spear-Phishing Campaign
Security researchers are warning LinkedIn users to beware of unsolicited job offers after revealing a new spear-phishing campaign designed to install Trojan malware on their devices.
The eSentire Threat Response Unit (TRU) yesterday claimed that individuals were being targeted with customized files named the same as their own current role.
“Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer,” it continued.
“The threat group behind more_eggs, Golden Chickens, sell the backdoor under a malware-as-a-service (MaaS) arrangement to other cyber-criminals.”
Once more_eggs is installed, Golden Chickens customers can use the backdoor to further their own campaigns by infecting victims with additional malware such as ransomware, credential stealers and banking Trojans, warned eSentire. Backdoor access could also be used to find and exfiltrate sensitive data from the victim’s machine, it added.
The group is thought to be taking advantage of the high number of COVID-19 redundancies in the US to spread this email campaign, whilst including the victim’s own LinkedIn job position as the name of the malicious Zip file to increase the chances of them opening it.
The Trojan also abuses legitimate Windows processes such as WMI to evade detection by traditional AV tools.
The campaign is similar to one from 2019 in which employees of US retail, entertainment and pharmaceutical companies were targeted by the same more_eggs Trojan disguised as a job offer matching their own current position, eSentire claimed.
Noted Advanced Persistent Threat (APT) groups including FIN6, Cobalt Group and Evilnum have all been spotted in the past using more_eggs in their attacks, although it’s unclear who is behind the Golden Chickens group.