FIN6 moves from point-of-sale compromise to phishing recruiters
theregister.co.uk
In a scam that flips the script on fake IT worker schemes, cybercriminals posing as job seekers on LinkedIn and Indeed are targeting recruiters - a group hated only slightly less than digital crooks - with malware hosted on phony resume portfolio sites.
The gang behind the con is FIN6 (aka Skeleton Spider), a financially motivated crew that has moved on from stealing credit card data and compromising point-of-sale systems and into social engineering campaigns like this one.
In their latest campaign, the criminals initiate contact with recruiters on these job-seeking websites, then direct them to fake portfolio sites hosted on Amazon Web Services that trick targets into downloading a malicious ZIP file delivering More_eggs, a modular JavaScript-based backdoor offered as malware-as-a-service, according to threat-intel firm DomainTools, which spotted this scam and published a whole list of indicators of compromise on GitHub.
More_eggs malware enables the crooks to remotely execute commands, steal ...
Copyright of this story solely belongs to theregister.co.uk.