People hunting for jobs on LinkedIn are being hunted themselves, by cybercriminals. A new report from cybersecurity company eSentire claims a group of hackers that call themselves Golden Chickens are using LinkedIn to distribute a fileless backdoor known as more_eggs.
The modus operandi is quite simple; the group looks for people hunting for jobs, and sends them a .ZIP file supposedly linked with a job application.
Should the victim open the file, the more_eggs fileless backdoor is stealthily installed. The backdoor allows criminals access to the system and enables further installation of malware or ransomware.
eSentire described more_eggs as a “formidable threat to businesses and business professionals” as it is able to circumvent traditional antivirus solutions and allows attackers to steal credentials or exfiltrate sensitive data. Furthermore, with the Covid-19 situation leaving many people jobless, the scam is likely to be even more successful than usual.
The Golden Chickens group is also selling the more_eggs backdoor as a service, analysts have found, with other groups such as FIN6 or Evilnum spotted using it.
The precise motive is currently unclear, however, as there’s very little value in targeting an unemployed individual. Experts are speculating that criminals may be laying the groundwork to attack their future employers.