Malware-laden job applications target human resources offices

Attacks aimed at the personnel department of a large company can deliver malware to their target through resumes.

A new series of phishing attacks carrying the more_eggs malware has been detected. The attacks are crafted specifically to target corporate hiring managers, using fake resumes as the infection vector.

The more_eggs malware in the resume

This incident comes a year after potential candidates looking for jobs on LinkedIn were lured with malicious job offers.

“This year, the more_eggs operation has flipped the social engineering script, targeting hiring managers with fake resumes instead of targeting job seekers with fake job offers,” said Keegan Keplinger, who is responsible for research and reporting at eSentire.

According to the Canadian information security company, four separate security incidents were discovered and stopped, three of which occurred toward the end of March. The targets include an aerospace company based in the United States, an accounting firm based in the United Kingdom, and a law firm and an employment agency, both based in Canada.

The malware, believed to be the work of a threat actor known as Golden Chickens (also called Venom Spider), is a stealthy, modular backdoor suite capable of stealing valuable data and moving laterally through a compromised network. According to Keplinger, more_eggs achieves execution by passing malicious code to legitimate Windows processes and letting those processes do the work for it. The idea is to use the resume as a lure to install the malware while evading detection on the endpoint.

Apart from the role reversal in the modus operandi, it is not clear what the attackers were after, given that the intrusions were interrupted before they could carry out their intentions. However, it is worth noting that, once deployed, more_eggs could be used as a springboard for further attacks such as data theft (Redline, etc.) and ransomware.

Keplinger said that the threat actors operating behind more_eggs use a scalable spear-phishing method that exploits expected communications, such as resumes, tailored to a hiring manager's expectations or job postings. Staff in a company's internal hiring offices may be less suspicious of attachments than those in other departments and, in fact, expect to receive resumes, because they work with them on a daily basis.