According to researchers, hackers are a spearhead for stealing a malicious zip file using a LinkedIn profile job profile.
A hacking group is spear phishing business professionals on LinkedIn
with fake job offers to get remote control over the victim’s device,
according to researchers at eSentire.
Spear phishing is an email or electronic communication scam where a victim receives an email that leads them to a fake website infected with malware. The purpose of the attack is to steal data or install malware on the victims' device.
According to researchers, hackers are a spearhead for stealing a malicious zip file using a LinkedIn profile job profile. For example, if a LinkedIn member's job is listed as a Senior Account Executive-International Freight, a bad zip file can be called a Senior Account Executive - International Freight position.
When users open a fake application, they start installing a subtitle file, titled 'more_eggs'. Once uploaded, an external Trojan can download additional plugins and grant access to the victim's computer.
Alternatively, it can infect the system with any type of malware including ransomware, credential theft, bank malware, or simply use the backdoor as a victim's network base to capture data.
More_egs has a huge impact on business as it uses standard Windows operating systems, which means it can't be downloaded by anti-virus and automated security solutions.
Crime operators have been taking advantage of increased employment opportunities since the COVID epidemic. Attracting job seekers is very appealing these days.
Posts
