Hackers are now pretending to be jobseekers to spread malware
techradar.com
- DomainTools spots hackers creating fake job seeker personas
- They target recruiters and HR managers with the More Eggs backdoor
- The backdoor can steal credentials and execute commands
Hackers are now pretending to be jobseekers, targeting recruiters and organizations with dangerous backdoor malware, experts have warned.
Cybersecurity researchers DomainTools recently spotted a threat actor known as FIN6 using this method in the wild, noting the hackers would first create fake personas on LinkedIn, and create fake resume websites to go along.
The website domains are bought anonymously via GoDaddy, and are hosted on Amazon Web Services (AWS), to avoid being flagged or quickly taken down.
More Eggs
The hackers would then reach out to recruiters, HR managers, and business owners on LinkedIn, building a rapport before moving the conversation to email. Then, they would share the resume website which filters visitors based on their operating system ...
Copyright of this story solely belongs to techradar.com . To see the full text click HERE