Hiring Online? Think Twice Before Selecting That Resumé

A spear-phishing email campaign is targeting recruiters. The attackers use fake job applications to deliver a JavaScript backdoor known as More_eggs.

This campaign is attributed to the Golden Chickens group.

From the source:

"A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection," Trend Micro researchers Ryan Soliven, Maria Emreen Viray, and Fe Cureg said in an analysis.

More_eggs, sold as a malware-as-a-service (MaaS), is a malicious software that comes with capabilities to siphon credentials, including those related to online bank accounts, email accounts, and IT administrator accounts.

It's attributed to a threat actor called the Golden Chickens group (aka Venom Spider), and has been put to use by several other e-crime groups like FIN6 (aka ITG08), Cobalt, and Evilnum. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html (Oct. 02, 2024).
 

Commentary

More_eggs is a sophisticated backdoor trojan that operates through several key mechanisms to steal data and perform other malicious activities.

The malware typically enters a system via spear-phishing emails containing malicious links or attachments disguised as legitimate files, like a resumé. Once executed, More_eggs establishes a connection with a command-and-control server using encrypted channels. After the connection is established, it can download and execute additional payloads, such as infostealers or ransomware.

The malware gathers system information, including the operating system, computer name, IP address, and user details. It also checks for installed anti-malware programs and uses various techniques, such as encryption, to evade detection.

The More_eggs system and the criminal gangs that use it are targeting employers. Criminals know that employers are always seeking talent. They are also aware that it is customary to review resumés sent to you, perhaps save the resumé for future reference, and acknowledge receipt of the resumé as a matter of professional courtesy.

The final takeaway: if someone sends you an unsolicited message with an attached resumé, you should never reply to the message, and you should not select any attachment or link embedded in the message.
