Hackers insert the ‘More Eggs’ malware into resumes sent to hiring managers at corporations

A year after fake job offers attracted potential LinkedIn job searchers, a fresh wave of phishing attempts targeting corporate recruiting supervisors with the more eggs virus has been uncovered, employing fake resumes as an infection vector.

“This year, the more eggs operation has inverted the social engineering script, targeting hiring managers with fake resumes rather than job seekers with fake job offers,” said Keegan Keplinger, research and reporting lead at eSentire.

Four independent security incidents were found and disrupted, three of which occurred near the end of March, according to the Canadian cybersecurity firm.

Among the firms targeted are a US-based aerospace corporation, a UK-based accounting firm, a Canadian law firm, and a hiring agency.

The virus, which is suspected to be the work of a threat actor known as Golden Chickens (aka Venom Spider), is a stealthy, adaptable backdoor suite capable of gathering sensitive data and moving transverse throughout the compromised network.

“More eggs function by distributing malicious code to legitimate Windows processes and enabling those processes to do the work for them,” Keplinger stated.

The plan is to use resumes as a pretense to launch the infection while avoiding detection.

Apart from the role reversal in the style of operation, it’s unclear what the attackers were after, especially since the invasions were stopped before they could carry out their plans.

It’s worth mentioning, though, that once released, more eggs might be used as a launchpad for further attacks like identity theft and ransomware.

“More eggs’ criminal actors use a scaled spear-phishing strategy that weaponizes expected communications, such as resumes, that suit a recruiting manager’s needs or career prospects, targeting optimistic individuals with current or prior employment titles,” Keplinger continued.

Check out Chris Titus Tech’s YouTube channel to learn more about how to defend yourself from phishing attempts and viruses. Chris Titus Tech is a channel we’ve been watching for a while, and when surfing YouTube, I came upon a video by Chris on how to protect oneself from malware in Windows. Because many corporate recruiting managers are frequently required to adopt Windows through their firms’ management. I thought this video would be an excellent complement to this article.

What is a Decentralized VPN (dVPN)?