Date: 2021-04-09

As the pandemic resulted in layoffs across the world, job searches on the Internet have increased disproportionately. Hackers are taking advantage of this, luring people with job offers and even using professional social media platforms like LinkedIn.

A recently published report by cybersecurity solutions provider eSentire revealed that hackers are hiding malicious zip files in fake job offers. Once users download them, they launch a highly sophisticated phishing attack on their computers.

On April 5, eSentire announced that cybercriminals are even hiding malware in fake LinkedIn job offers.

According to the report, researchers in eSentire's Threat Response Unit (TRU) discovered that a group of hackers has used fake job offers to attack business professionals on LinkedIn via a backdoor Trojan, which enables hackers to remotely control the victim’s computer. Soon after the system’s security is breached, they send, receive, launch and delete files.

How does it work?

The emails first draw on each victim’s profile to create a convincing, personalised offer.

When victims open the fake offer, they might unwittingly initiate the stealthy installation of the fileless backdoor called more_eggs. There is no malicious file for an antivirus to detect. All the action takes place by subverting normal Windows processes and running scripts in memory.

Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer. The hacker group behind the stealthy installation then sells the backdoor under a malware-as-a-service (MaaS) arrangement to other cybercriminals.

Once more_eggs becomes active on a victim's computer, Golden Eggs' seedy customers can go in and infect the system with any type of malware (ransomware, credential stealers, banking malware) or simply use the backdoor as a foothold in the victim’s network to exfiltrate data.