Jump to content

LinkedIn Users Targeted by Spear-Phishing Campaign


Recommended Posts

LinkedIn Users Targeted by Spear-Phishing Campaign




Security researchers are warning LinkedIn users to beware of unsolicited job offers after revealing a new spear-phishing campaign designed to install Trojan malware on their devices.


The eSentire Threat Response Unit (TRU) yesterday claimed that individuals were being targeted with customized files named the same as their own current role.

“Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer,” it continued.

“The threat group behind more_eggs, Golden Chickens, sell the backdoor under a malware-as-a-service (MaaS) arrangement to other cyber-criminals.”


Once more_eggs is installed, the backdoor can be used by Golden Chickens customers to further their own campaigns, by infecting with additional malware like ransomware, credential stealers and banking Trojans, warned eSentire. Backdoor access could also be used to find and exfiltrate sensitive data from the victims’ machine, it added.


The group is thought to be taking advantage of the high number of COVID-19 redundancies in the US to spread this email campaign, whilst including the victim’s own LinkedIn job position as the name of the malicious Zip file to increase the chances of them opening it.


The Trojan also abuses legitimate Windows processes such as WMI to evade detection by traditional AV tools.


The campaign is similar to one from 2019 in which employees of US retail, entertainment and pharmaceutical companies were targeted by the same more_eggs Trojan disguised as a job offer matching their own current position, eSentire claimed.


Noted Advanced Persistent Threat (APT) groups including FIN6, Cobalt Group and Evilnum have all been spotted in the past using more_eggs in their attacks, although it’s unclear who is behind the Golden Chickens group.



Source: LinkedIn Users Targeted by Spear-Phishing Campaign

Link to comment
Share on other sites

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

  • mood


Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...