Threat actors launched an unsuccessful phishing attack against an industrial services firm last month, using fake resumes to distribute the more_eggs malware, which has data exfiltration capabilities, The Hacker News reports. Fake resumes had already been leveraged to spread the malware over two years ago.
Attackers left comments containing a link on LinkedIn job postings; the link redirected to a fraudulent resume download site that facilitates malicious LNK file downloads, a report from eSentire revealed. Such a file enables retrieval of a malicious DLL and persistence before the eventual deployment of the more_eggs malware (which is linked to Venom Spider, also known as Golden Chickens) and other payloads.
The findings follow a separate eSentire report detailing Vidar Stealer deployment via a phony KMSPico Windows activator tool website. Trustwave SpiderLabs also reported that malicious sites masquerading as Advanced IP Scanner were used to spread the Cobalt Strike tool.