According to eSentire researchers, the hacking group specializes in spear phishing on LinkedIn, offering fake jobs in order to remotely control victims’ computers.

Spear phishing is an email scam in which a victim receives an email that directs them to a fake website infected with malware. The purpose of the attack is to steal data or install malware on the victim’s device.

According to researchers, the hackers send malicious zip files named after the position listed in the target’s LinkedIn profile. For example, if a LinkedIn member’s job is listed as Senior Account Executive International Freight, the malicious zip file will be titled Senior Account Executive International Freight.
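A mail-gateway check for the naming pattern described above, as an added example that is not from eSentire or the original article. The addresses, titles, attachment records and function names are constructed for illustration, and the two-word minimum is an assumed threshold.

```python
import re
from pathlib import PurePath

# Constructed sample data: recipient -> job title as shown on their public profile.
TITLES = {
    "a.lee@example.com": "Senior Account Executive International Freight",
    "b.cho@example.com": "Payroll Specialist",
}

# Constructed mail-gateway records: (recipient, attachment filename).
ATTACHMENTS = [
    ("a.lee@example.com", "Senior Account Executive International Freight.zip"),
    ("a.lee@example.com", "Q3-invoices.zip"),
    ("b.cho@example.com", "payroll_specialist position.ZIP"),
    ("b.cho@example.com", "Payroll Specialist.pdf"),
]


def tokens(text):
    """Lowercase word tokens, so case, spacing and punctuation do not matter."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def title_lure(recipient, filename, titles=TITLES):
    """True if a zip attachment is named after the recipient's own job title."""
    path = PurePath(filename)
    if path.suffix.lower() != ".zip":
        return False
    title = tokens(titles.get(recipient, ""))
    # Assumed threshold: need two or more title words, so a one-word
    # title does not match unrelated filenames by chance.
    return len(title) >= 2 and title <= tokens(path.stem)


def flag(records, titles=TITLES):
    """Return the (recipient, filename) pairs that match the lure pattern."""
    return [(r, f) for r, f in records if title_lure(r, f, titles)]


if __name__ == "__main__":
    for recipient, filename in flag(ATTACHMENTS):
        print(f"review: {recipient} received {filename!r}")
```

A match is a reason to quarantine the attachment for review, not proof of compromise, since legitimate recruiters may also name files after a role.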

When a user opens the fake job offer, the installation of a fileless backdoor called more_eggs begins. Once loaded, the backdoor Trojan can download additional malicious plugins and provide hands-on access to the victim’s computer.

In addition, it could infect systems with all types of malware, including ransomware, credential-stealing malware, and banking malware, and the backdoor could be used as a stepping stone into victims’ networks to steal data.

More_eggs poses a significant threat to businesses because it runs using normal Windows processes. That is, it is usually not detected by antivirus and automated security solutions.

Cybercriminals are taking advantage of the rise in unemployment since the COVID pandemic, which makes luring job seekers more attractive.

