Network Security, Malware, Phishing

Fraudulent job lures leveraged for novel Warmcookie malware delivery

Phishing Alert text button on keyboard

BleepingComputer reports that threat actors have launched phishing campaigns involving phony job and recruitment offers to facilitate the spread of the new advanced Warmcookie malware that enables screenshot capturing, machine fingerprinting, and further payload delivery on Windows machines.

Malicious recruitment emails sent by the attackers included a link purporting to be for an internal system containing the job description that redirects targets to spoofed landing pages that seek CAPTCHAs before downloading an obfuscated JavaScript file, which when executed downloads the Warmcookie payload, a report from Elastic Security Labs revealed.

After fingerprinting targeted machines upon ensuring command-and-control communications, Warmcookie proceeds to obtain key device information and screenshots, as well as execute arbitrary commands that underwent integrity check processing, according to researchers.

Aside from enabling program enumeration, file injection, and certain file data exfiltration, Warmcookie also bypasses analysis by not working should the targeted devices have lacking memory values, researchers added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.