News &
Information

Authenticator Software: Being Exploited By Cybercriminals

Users seeking stronger security are duped into downloading fake security apps.

Social Media Posts Lead To Malware-Ridden Resumés

Job posting sites have been the unwitting hosts of malware distribution programs. Learn about the risk.

More Malware, Targeting macOS And Phone Apps, Spawns New Employer Cyber Risks

New data disproves the old belief that Mac devices are more secure. Learn about the risk.

Cybercriminals Are "Swatting" Victims To Step Up The Pressure To Pay

Cybercriminals are using threats of "swatting" to gain cooperation with their cyber ransom demands. Learn about the risk.

Social Media Posts Lead To Malware-Ridden Resumés

September 5, 2024

The Hacker News reported a link was posted in the comments section of LinkedIn's job hosting site. That link redirected unsuspecting users to a fraudulent resumé download site that facilitates malicious LNK file downloads.

These files enable malicious DLL retrieval and remain in a system until the "more_eggs" malware is downloaded. That malware is linked to Venom Spider, also known as Golden Chickens, and other malicious payloads.

More_eggs, also known as SpicyOmelette, is a type of malware that steals sensitive data, can remotely control infected devices, and can download additional malware. Cybercriminals use it spear phishing attacks – where cybercriminals customize emails and payloads to target specific people. It's often used in spear phishing attacks, where cybercriminals can customize emails to target specific people. "Malicious resumes used to spread more_eggs malware anew" www.scmagazine.com (Jun. 11, 2024)

Commentary

Malware distribution via social media is a real threat. Organizations that solicit potential employees or subcontractors through social media should closely review their protocols on postings and resumé attachments via email or text. 

A typical resume/job seeker attack uses both malware and social engineering techniques to bypass normal security protocols. The phishing emails purport to be from a job seeker, with a variation of a message to the effect of: "Hello, I saw your website and I'm interested in a position. Please see my attached resumé." The message is intended for hiring managers or the HR department, and contains an attached Microsoft Word document called "resumé." This attachment, in actuality, delivers malware and uses several counter-detection measures.

Human resource personnel and those who perform hiring duties within an organization should not open attachments, including resumés, unless the document is expected from a known source. Unexpected and/or unrequested resumés should be viewed as spam and discarded.

The use of third-party services to vet resumés is also a good use of corporate resources, helping shield your organization from malware exposure.

Finally, your opinion is important to us. Please complete the opinion survey: