• Cyber Syrup
  • Posts
  • Recruiters Beware: Malware Being Disguised As Resumes

Recruiters Beware: Malware Being Disguised As Resumes

Cybersecurity researchers have recently detected a phishing attack that leverages the More_eggs malware, disguised as a resume

In partnership with

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Instantly calculate the time you can save by automating compliance

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, ISO 42001, HIPAA, HITRUST CSF, NIST AI, and more.

Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center, all powered by Vanta AI.

Instantly calculate how much time you can save with Vanta.

Recruiters Beware: Malware Being Disguised As Resumes

Cybersecurity researchers have recently detected a phishing attack that leverages the More_eggs malware, disguised as a resume. This method, which has been around for over two years, targeted an unnamed industrial services company in May 2024, according to Canadian cybersecurity firm eSentire. Although this specific attack was unsuccessful, it highlights the persistent threat posed by the More_eggs malware and the sophisticated techniques used by cybercriminals to infiltrate systems.

What is More_eggs Malware?

More_eggs is a modular backdoor malware believed to be the work of a threat actor group known as Golden Chickens (aka Venom Spider). This malware is sold under a Malware-as-a-Service (MaaS) model, enabling other cybercriminals to use it for their malicious activities. More_eggs is particularly dangerous because it can harvest sensitive information from infected systems, making it a significant threat to businesses and individuals alike.

Who is at Risk?

Organizations and Industries at Risk:

  • Industrial Services: As evidenced by the recent attack, companies in the industrial sector are prime targets.

  • Financial Institutions: These are often targeted due to the valuable data they hold.

  • Government Agencies: They store a plethora of sensitive information, making them attractive to cybercriminals.

  • Healthcare Providers: They are targeted for the personal and medical information they store.

Individuals at Risk:

  • Recruiters and HR Professionals: They are targeted through fake job applications and resumes.

  • LinkedIn Users: Professionals are targeted with job offers to trick them into downloading malware.

  • Employees: Anyone with access to sensitive company data can be a target.

How to Protect Yourself

For Organizations:

  1. Educate Employees: Conduct regular training sessions to help employees recognize phishing attempts and other social engineering tactics.

  2. Implement Strong Security Policies: Use multi-factor authentication (MFA) and ensure that all systems are up-to-date with the latest security patches.

  3. Monitor Network Traffic: Use advanced threat detection systems to monitor for unusual activity on the network.

  4. Restrict Access: Limit access to sensitive information based on the principle of least privilege.

For Individuals:

  1. Be Cautious with Emails: Do not open attachments or click on links from unknown or unexpected senders. Always verify the sender’s identity.

  2. Use Strong Passwords: Use complex passwords and change them regularly. Consider using a password manager.

  3. Enable MFA: Multi-factor authentication adds an extra layer of security, making it harder for attackers to gain access.

  4. Keep Software Updated: Regularly update your operating system, browser, and other software to protect against vulnerabilities.

The Dangers of Phishing and Malware

Phishing attacks, like the one involving More_eggs, are particularly dangerous because they exploit human behavior. By masquerading as legitimate communications, these attacks trick individuals into revealing sensitive information or downloading malware. Once installed, malware like More_eggs can:

  • Harvest Sensitive Data: Steal personal and financial information.

  • Compromise Systems: Gain control over infected devices, potentially leading to further exploitation.

  • Disrupt Operations: Cause significant operational disruptions, especially in critical sectors like healthcare and industrial services.

Case Studies and Additional Threats

eSentire’s findings highlight the ongoing evolution of cyber threats. In previous More_eggs campaigns, attackers have targeted professionals on LinkedIn with job offers designed to deliver malware. In addition to More_eggs, other malware such as Vidar Stealer and malicious campaigns like those leveraging the V3B phishing kit continue to pose significant risks.

For instance, the V3B phishing kit targets banking customers in the European Union, stealing credentials and one-time passwords (OTPs) to commit fraud. Such kits are often sold as Phishing-as-a-Service (PhaaS) on the dark web, making sophisticated attacks accessible to a wider range of cybercriminals.

Conclusion

The persistent threat of phishing attacks and malware like More_eggs underscores the importance of robust cybersecurity practices. By understanding who is at risk and implementing protective measures, both organizations and individuals can better defend against these sophisticated cyber threats. Staying vigilant and proactive is key to maintaining security in an increasingly digital world.