Spear Phishing Tactics Use LinkedIn

With a COVID-influenced economy, job hunting has become very difficult, and as a result, more and more people are using LinkedIn to look for remote or local jobs online. However, this has become more dangerous because these job offers are now being abused by cyber criminals. Early this week, security firm eSentire warned LinkedIn users of a new spear phishing attack that hackers use to infect devices with backdoor Trojans.

The fake job offer plot was reportedly hatched by a hacking group named Golden Chickens, and the fileless backdoor Trojan horse is suitably named more_eggs. The plan involves taking the title from a user's LinkedIn profile, such as Senior Web Developer, and then sending them a job offer with an attached zip file titled "Senior Web Developer position". When the victim opens this file, more_eggs is installed on their device without any warning. It can download malicious plugins and give hackers direct access to the victim's system.

According to eSentire's Senior Director for Threat Response, Rob McLeod, more_eggs is a formidable threat due to three elements:

  1. It uses normal Windows processes to run, so it will not typically be picked up by anti-virus or automated security solutions, which makes it quite stealthy.
  2. Including the victim's job title from LinkedIn in the weaponized campaign increases the odds of detonating the malware.
  3. Due to the ongoing COVID-19 pandemic, unemployment rates have remained high, making it a perfect time to take advantage of job seekers who are desperate to find employment. A customized job bait is even more enticing during this situation.
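The lure naming described above (a zip named after the recipient's own job title plus "position") can be checked for at a mail gateway. The following is an added example, not code from eSentire or the original article; the `DIRECTORY` mapping, the addresses and the sample messages are constructed assumptions.

```python
import re
import unicodedata
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: job titles come from an HR/directory export keyed by mailbox.
DIRECTORY = {"dana@example.com": "Senior Web Developer",
             "lee@example.com": "Payroll Analyst"}

def normalize(text):
    """Lowercase, strip accents, and turn separators (_ - .) into single spaces."""
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def is_title_lure(filename, job_title):
    """True for a .zip whose name holds the recipient's own title and 'position'."""
    path = PurePosixPath(filename)
    if path.suffix.lower() != ".zip":
        return False
    stem, title = normalize(path.stem), normalize(job_title)
    return bool(title) and f" {title} " in f" {stem} " and "position" in stem.split()

def flag_messages(messages, directory=DIRECTORY):
    """Return (recipient, filename) pairs whose attachment matches the lure pattern."""
    hits = []
    for msg in messages:
        recipient = msg["To"].strip().lower()
        title = directory.get(recipient)
        if title is None:
            continue  # no title on record, nothing to compare against
        for part in msg.iter_attachments():
            name = part.get_filename() or ""
            if is_title_lure(name, title):
                hits.append((recipient, name))
    return hits

def build_sample(to, filename):
    """Constructed sample message; the attachment body is a harmless placeholder."""
    msg = EmailMessage()
    msg["To"], msg["Subject"] = to, "Job opportunity"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename=filename)
    return msg

SAMPLES = [build_sample("dana@example.com", "Senior Web Developer position.zip"),
           build_sample("dana@example.com", "Q3_invoice.zip"),
           build_sample("lee@example.com", "Senior Web Developer position.zip"),
           build_sample("lee@example.com", "payroll-analyst_Position.ZIP")]

if __name__ == "__main__":
    for recipient, name in flag_messages(SAMPLES):
        print(f"review: {recipient} received {name!r}")
```

A match is a reason to hold the message for review, not proof of compromise: the check only compares names and does not inspect the archive contents.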

These three elements make more_eggs and the cybercriminals that use this backdoor very lethal. According to the report, the Golden Chickens are probably not conducting the attacks themselves. They are focused on selling more_eggs under a malware-as-a-service (MaaS) arrangement to cybercriminals. more_eggs has so far been used by three notable threat groups: FIN6, Cobalt Group, and Evilnum.

This phishing campaign is especially worrisome as unemployment rates have climbed drastically since the start of the COVID-19 pandemic. This is the type of situation cyber criminals love. The attack's psychology exploits the tense situation of being unemployed to target those desperate to get a job. Although some might be cautious, others, out of desperation, might still open the corrupted file and expose themselves to threats ranging from ransomware to credential stealers. It has never been more critical for companies and individuals to increase their security awareness and protect their data.