A recent phishing attack has been uncovered, distributing the More_eggs malware under the guise of resumes. Targeting recruiters through LinkedIn job postings, the attack aims to trick victims into downloading malicious payloads by presenting fake resume download sites. The attempt, disclosed by Canadian cybersecurity firm eSentire, was aimed at an unnamed company in the industrial services industry in May 2024. Despite being unsuccessful, it highlights the ongoing threat posed by social engineering tactics used by cybercriminals to distribute malware.
More_eggs, a modular backdoor believed to be operated by threat actors known as the Golden Chickens or Venom Spider, is capable of harvesting sensitive information. The malware, offered under a Malware-as-a-Service model, poses a significant risk to organizations due to its ability to establish persistence, gather data, and drop additional payloads. eSentire has previously identified real-world individuals associated with the operation, further highlighting the complexity of the threat landscape posed by such malware campaigns.
The phishing campaign observed by eSentire involves attackers responding to LinkedIn job postings with links to fake resume download sites. These sites lead victims to download malicious Windows Shortcut files (LNK), which are then used to retrieve a malicious DLL and establish persistence on infected systems. Despite the unsuccessful attempt disclosed, More_eggs campaigns remain active, emphasizing the need for organizations to remain vigilant against social engineering tactics used by threat actors to distribute malware.
In addition to the More_eggs phishing attack, eSentire also revealed details of a drive-by download campaign distributing Vidar Stealer through fake websites. The emergence of new phishing kits, such as V3B targeting European banking customers, further underscores the evolving nature of cyber threats and the importance of robust cybersecurity measures to protect against them.
Reference:
