Manage Pressing Risks with EPL-Risk.com

A one-stop hub for practical, timely and actionable insights, tools and training that may save thousands of dollars by minimizing potential loss exposures, human resources expenses, training costs, and attorney fees.

Today's Workplace

Survey Shows IT Pros Are Unable To Keep Up With Data Demands Over Security Concerns

Businesses need access to data to make good decisions, but too much security means data can often be overlooked. We examine the question of security versus data access.

Decentralizing Data Using Cloud Networks Limits Cyber Attack Harm

A cyberattack on a city did not cause major problems because the city had taken proactive measures for just such an incident. We examine the steps taken to minimize damage.

Avoiding Capture From Fake CAPTCHAs

Hackers are at it again. Now they are using the CAPTCHA security tool to trick users into downloading malware. We show the scheme and how to spot it.

Hiring Online? Think Twice Before Selecting That Resumé

A spear-phishing email campaign is targeting recruiters. The attackers use fake job applications to deliver a JavaScript backdoor known as More_eggs.

This campaign is attributed to the Golden Chickens group.

From the source:

"A sophisticated spear-phishing lure tricked a recruitment officer into downloading and executing a malicious file disguised as a resume, leading to a more_eggs backdoor infection," Trend Micro researchers Ryan Soliven, Maria Emreen Viray, and Fe Cureg said in an analysis.

More_eggs, sold as a malware-as-a-service (MaaS), is a malicious software that comes with capabilities to siphon credentials, including those related to online bank accounts, email accounts, and IT administrator accounts.

It's attributed to a threat actor called the Golden Chickens group (aka Venom Spider), and has been put to use by several other e-crime groups like FIN6 (aka ITG08), Cobalt, and Evilnum. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html (Oct. 02, 2024).
 

Commentary

More_eggs is a sophisticated backdoor trojan that operates through several key mechanisms to steal data and perform other malicious activities.

The malware typically enters a system via spear-phishing emails containing malicious links or attachments disguised as legitimate files, like a resumé. Once executed, More_eggs establishes a connection with a command-and-control server using encrypted channels. Once that is accomplished, it can download and execute additional payloads, such as infostealers or ransomware.

The malware gathers system information, including the operating system, computer name, IP address, and user details. It also checks for installed anti-malware programs and uses various techniques, such as encryption, to evade detection.

The More_eggs system and the criminal gangs that use it are targeting employers. Criminals know that employers are always seeking talent. They are also aware that it is customary to review resumés sent to you; perhaps save the resumé for future reference; and acknowledge receipt of the resumé as a matter of professional courtesy. 

The final takeaway: if someone sends you an unsolicited message with an attached resumé, never reply to the message, and do not select any attachment or link embedded in it.
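For teams that screen a recruiting mailbox, the check described above can be automated before a message reaches a recruiter. The following is an added example, not code from the cited analysis: the list of risky file extensions, the keyword pattern, and the names triage and build are assumptions to adapt to local policy.

```python
import os
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: file types a resume should never arrive as; tune to local policy.
RISKY_EXT = {".lnk", ".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr", ".iso", ".zip"}
RESUME_LURE = re.compile(r"r[eé]sum[eé]|curriculum|(?<![a-z])cv(?![a-z])|application", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw: bytes, known_senders: set) -> list:
    """Return reasons to quarantine a message; an empty list means none found."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    findings = []
    for name in names:
        # The last extension decides how the file opens: "Resume.pdf.lnk" is a shortcut.
        ext = os.path.splitext(name.lower())[1]
        if ext in RISKY_EXT:
            findings.append(f"attachment {name!r} is a {ext} file, not a document")
    themed = RESUME_LURE.search(" ".join([str(msg.get("Subject", "")), text, *names]))
    links = URL.findall(text)
    if sender not in known_senders and themed and links:
        findings.append(f"unsolicited resume-themed message with {len(links)} link(s)")
    return findings

def build(sender: str, filename: str, body: str) -> bytes:
    """Constructed sample message (not real traffic)."""
    m = EmailMessage()
    m["From"], m["To"] = sender, "recruiting@example.org"
    m["Subject"] = "Application for the sales role"
    m.set_content(body)
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build("Applicant <applicant@example.com>", "Jane_Doe_Resume.pdf.lnk",
                 "My resume is attached, or download it: http://example.com/resume")
    for reason in triage(lure, known_senders=set()):
        print("QUARANTINE:", reason)
```

An empty result is not proof a message is safe; it only means none of these specific signals were present.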