Dear Recruiters,
Lets bring your attention to a cunning new phishing scam targeting recruiters, using a malware called “More eggs”.
Technical Details
“More eggs” is a malicious software containing several components engineered to steal valuable credentials for corporate bank accounts, email accounts, and IT administrator account including usernames and passwords. The Golden Chickens group (aka Venom Spider) is believed to Be the threat operators behind the malware and is known to be utilized by other cybercriminals.
Recently, a recruiter in the industrial services was targeted by this scam. Although the attack was unsuccessful, it highlights how easily one can be deceived.
How the Scam Works:
- Contact: The hacker responds to your job posting on LinkedIn with a link to a supposed resume.
- Download: You click the link, thinking it’s a genuine application, and download a harmful file.
- Execution: This file installs the malware on your computer.
- Stealing Information: The malware gathers your data and sets up more malicious activities.
Tricks Used: Hackers make their fake job applications look very convincing. They create realistic LinkedIn profiles and applications to lure you into downloading their malware.
How to Protect Yourself
- Always verify the link before clicking using Virus total etc. Genuine applications usually come through well-known job portals or direct email.
- Be suspicious of attachments from people you don’t know – additional care is required in cases where you must accept documents from the public (such as with employee hiring process). Inspect attachment file types by right clicking the file and selecting properties. Documents should never come as LNK, ISO, or VBS files. Often, these malicious files will be enclosed in a .zip file to bypass email filters.
- Keep your antivirus and security systems updated.
- Regularly educate your team on how to spot phishing attempts.
- Implement multi-factor authentication for accessing sensitive information.
- Users and administrators must adhere to the principle of least privilege by limiting account permissions strictly to those necessary for their operational roles, helping to minimize potential damage from malware infections.
Stay Alert
As recruiters, you are prime targets for these crafty cybercriminals. Always be cautious of unexpected job applications and unfamiliar file downloads. By staying alert and informed, you can protect yourself and your company from these attacks.