
Malicious resumes used to spread more_eggs malware anew


Threat actors launched an unsuccessful phishing attack against an industrial services firm last month, using fake resumes to distribute the more_eggs malware, which has data exfiltration capabilities, The Hacker News reports. Fake resumes had been leveraged to spread the same malware over two years ago.

Attackers posted a link as a comment on LinkedIn job postings that redirected to a fraudulent resume download site, which facilitates the download of malicious LNK files, a report from eSentire revealed. Such a file enables retrieval of a malicious DLL and persistence before the eventual deployment of the more_eggs malware, which is linked to Venom Spider (also known as Golden Chickens), and other payloads.

The findings follow a separate eSentire report detailing Vidar Stealer deployment via a phony KMSPico Windows activator tool website. Trustwave SpiderLabs also reported that malicious sites masquerading as the Advanced IP Scanner had been used to spread the Cobalt Strike tool.
