The More-eggs Malware phishing campaign
Security researchers have recently reported that hackers are running a new spear-phishing campaign that targets professionals on the LinkedIn platform.
Malware-infected job offers that deploy a Trojan threat called “more_eggs” have been circulating on the professional network for some time.
The malicious actors behind the campaign have been trying to lure their victims with infected Zip archive files that carry the job titles taken from the victims’ LinkedIn profiles.
Researchers explain that the installation of the malware starts as soon as the victim opens the fake job offer. The fileless backdoor named more_eggs is immediately deployed on the system without any visible indication or symptom.
This method of distributing the more_eggs Trojan is not new. The backdoor has been circulating on the web since 2018 and has been linked to a malware-as-a-service (MaaS) provider known as Golden Chickens.
Unfortunately, it is still not clear what the aim of this new wave of attacks is, but what is known is that more_eggs has been a malware of choice for a number of cybercriminal groups so far.
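The lure described above, a Zip archive carrying the recipient's own job title, can be turned into a mail-triage check. The following Python sketch is an added example, not code from the researchers or the article. It assumes that the job title appears in the archive's file name, that the recipient's title is available from a directory lookup, and that the extension list below (which the article does not give) reflects local policy.

```python
import io
import os
import re
import zipfile

# Assumption: Windows file types that execute when double-clicked. The article
# does not say what the archives contain, so tune this list to local policy.
LAUNCHABLE = {".lnk", ".js", ".jse", ".vbs", ".wsf", ".hta", ".scr", ".exe", ".bat", ".cmd"}

def _words(text):
    """Lower-case alphanumeric tokens, so separators like '_' and '-' are ignored."""
    return re.findall(r"[a-z0-9]+", text.lower())

def title_in_name(job_title, filename):
    """True when the job title's words appear consecutively in the file name."""
    title, name = _words(job_title), _words(os.path.splitext(filename)[0])
    return bool(title) and any(
        name[i:i + len(title)] == title for i in range(len(name) - len(title) + 1))

def triage_zip(filename, data, job_title):
    """Score one ZIP attachment (raw bytes) addressed to a user with job_title."""
    result = {"title_match": title_in_name(job_title, filename),
              "launchable": [], "error": None}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Windows drops trailing dots/spaces, so "a.lnk." still opens as .lnk
                ext = os.path.splitext(info.filename.rstrip(". "))[1].lower()
                if not info.is_dir() and ext in LAUNCHABLE:
                    result["launchable"].append(info.filename)
    except zipfile.BadZipFile:
        result["error"] = "unreadable archive"  # cannot inspect: let a human look
    hit, risky = result["title_match"], bool(result["launchable"])
    result["verdict"] = ("quarantine" if hit and risky else
                         "review" if hit or risky or result["error"] else "pass")
    return result

def make_zip(names):
    """Build a constructed, harmless in-memory ZIP holding empty files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf.getvalue()
```

A title match alone only raises the attachment for review, because genuine recruiters also name files after the role; the stronger signal is the title match combined with a directly launchable entry inside the archive.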
More_eggs hijacks legitimate Windows processes
Victims of more_eggs may have a hard time detecting the threat because, after installation, the backdoor remains hidden by using camouflaging tactics that distract users from the malicious processes that are run in the background of the system. Most commonly, the Trojan hijacks legitimate Windows processes while displaying a decoy “employment application” document.
In addition to running malware-induced background activities, more_eggs may serve as a backdoor that allows threat actors to install additional malware in the compromised system, including ransomware, spyware, banking Trojans, etc. The criminals may even use the backdoor for data exfiltration purposes without the victim’s knowledge.
During the current COVID pandemic, unemployment has increased drastically, and security researchers note that this gives threat actors a great opportunity to take advantage of job seekers by luring them into installing malware on their computers.
The recently reported spear-phishing campaign is just another example of how cybercriminals are customizing and fine-tuning their tactics during these troubled times.