Golden Chickens Strike Again: More_Eggs Malware Masquerades as Job Applicant Resume in Failed Phishing Attempt
Cybersecurity firm eSentire has detected More_eggs malware disguised as LinkedIn resumes targeting recruiters. The Golden Chickens, aka Venom Spider, use this sophisticated social engineering tactic to distribute the malware. Despite the attack’s failure, it highlights ongoing threats in the industrial services sector.

Hot Take:
Just when you thought it was safe to open a resume, the Golden Chickens strike again with their egg-cellent ploy to scramble your data!
Key Points:
- Phishing attack with More_eggs malware disguised as a resume targets industrial services recruiter.
- Malware distributed via fake LinkedIn job postings leading to malicious resume download site.
- Attack chain uses LNK files and legitimate Microsoft programs to deploy the malware.
- More_eggs offered under Malware-as-a-Service (MaaS); Golden Chickens (Venom Spider) suspected operators.
- Other campaigns include drive-by downloads using fake KMSPico sites and the V3B phishing kit targeting EU banking customers.
Recruiters Beware!
In a plot twist that could rival any Hollywood thriller, cybersecurity researchers have uncovered a phishing attack that tried to serve a recruiter a side of malware along with a resume. The attack, reported in May 2024, targeted an unnamed company in the industrial services industry. The crafty cybercriminals behind the attack, known as the Golden Chickens (aka Venom Spider), tricked the recruiter into thinking they were dealing with a job applicant. Instead of getting a star employee, the recruiter was almost served a malware cocktail known as More_eggs.
Golden Chickens Lay More_eggs
More_eggs is not a new name in the malware hall of fame. This modular backdoor, known for its information-harvesting capabilities, is a hit on the dark web, sold under a Malware-as-a-Service (MaaS) model. In a classic case of “guess who’s back,” the Golden Chickens resurfaced, responding to LinkedIn job posts with a link to a fake resume download site. Instead of getting a resume, victims received a malicious Windows Shortcut file (LNK), which then deployed the More_eggs malware. Talk about a bad hire!
Behind the Malware Curtain
The ingenuity of the Golden Chickens’ tactics lies in their mundane appearance. By employing legitimate Microsoft programs like ie4uinit.exe and regsvr32.exe, they managed to sneak in their malware without raising any immediate red flags. This allowed them to establish persistence, gather data, and drop additional payloads on the infected systems. Their social engineering skills could probably earn them an Oscar, if only they weren’t being used for nefarious purposes.
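For defenders, the abuse of ie4uinit.exe and regsvr32.exe described above can be hunted in process-creation telemetry. The sketch below is an added example, not code from eSentire or from the original article; the event field names, the sample events, and the two heuristics (ie4uinit.exe running outside the Windows system directories, regsvr32.exe registering a file from a user-writable path) are assumptions chosen for illustration.

```python
import ntpath

# Directories where these Microsoft binaries legitimately live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Path fragments treated as user-writable (assumed list; tune per environment).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")


def triage(event):
    """Return the reasons a process-creation event looks suspicious."""
    image = event["image"].lower()
    cmdline = event["command_line"].lower()
    name = ntpath.basename(image)
    folder = ntpath.dirname(image)
    reasons = []
    # A system binary executing from anywhere but the system directories
    # suggests it was copied next to attacker-controlled files.
    if name == "ie4uinit.exe" and folder not in SYSTEM_DIRS:
        reasons.append("ie4uinit.exe running outside System32/SysWOW64")
    # regsvr32.exe is legitimate, but the file it registers should not
    # normally come from a user profile or temp directory.
    if name == "regsvr32.exe" and any(p in cmdline for p in USER_WRITABLE):
        reasons.append("regsvr32.exe registering a file from a user-writable path")
    return reasons


def scan(events):
    """Map event index -> reasons, for events with at least one finding."""
    findings = {}
    for index, event in enumerate(events):
        reasons = triage(event)
        if reasons:
            findings[index] = reasons
    return findings


# Constructed sample events (not taken from the reported incident).
EVENTS = [
    {"image": r"C:\Windows\System32\ie4uinit.exe",
     "command_line": r"C:\Windows\System32\ie4uinit.exe -UserConfig"},
    {"image": r"C:\Users\recruiter\AppData\Local\Temp\ie4uinit.exe",
     "command_line": r"C:\Users\recruiter\AppData\Local\Temp\ie4uinit.exe"},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Users\recruiter\AppData\Roaming\sample.dll"},
    {"image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe /s C:\Windows\System32\scrrun.dll"},
]

if __name__ == "__main__":
    for index, reasons in scan(EVENTS).items():
        print(index, EVENTS[index]["image"], reasons)
```
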
More_eggs Everywhere
The More_eggs campaigns are still in full swing, targeting unsuspecting LinkedIn professionals with weaponized job offers. The modus operandi remains the same: lure victims with the promise of employment, then hit them with malware. eSentire, the Canadian cybersecurity firm that disclosed this attack, noted that while these campaigns are sparse and selective, their impact is anything but minimal.
Drive-By Downloads and Fake Sites
As if dealing with More_eggs wasn’t enough, eSentire also revealed details of another cyber shenanigan: a drive-by download campaign using fake KMSPico sites to distribute Vidar Stealer. These fake sites even had the audacity to be hosted behind Cloudflare Turnstile, requiring human input to download the final ZIP package. It’s like they’re saying, “We dare you to catch us!”
Phishing-as-a-Service
If you thought the malware-as-a-service model was bad, wait till you hear about Phishing-as-a-Service (PhaaS). Enter V3B, a phishing kit making waves (and emptying bank accounts) in the European Union. For a monthly fee of $130-$450, cybercriminals get access to customized templates that mimic authentication and verification processes of over 54 banks. The kit even features real-time interaction capabilities to nab one-time passwords (OTPs) and execute QR code login jacking attacks. It’s the cybercrime equivalent of a Swiss Army knife.
Phishing Kit Success
Since its debut in March 2023, V3B has built quite the client base, with hundreds of cybercriminals using it to commit fraud. The kit’s advanced capabilities and localized templates make it a potent tool in the hands of cybercriminals. Victims are left with empty bank accounts and a newfound distrust of seemingly legitimate online interactions.
Conclusion
In the ever-evolving landscape of cyber threats, the creativity and persistence