Social Media Posts Lead To Malware-Ridden Resumés

September 5, 2024

The Hacker News reported a link was posted in the comments section of LinkedIn's job hosting site. That link redirected unsuspecting users to a fraudulent resumé download site that facilitates malicious LNK file downloads.

These files enable malicious DLL retrieval and remain in a system until the "more_eggs" malware is downloaded. That malware is linked to Venom Spider, also known as Golden Chickens, and other malicious payloads.

More_eggs, also known as SpicyOmelette, is a type of malware that steals sensitive data, can remotely control infected devices, and can download additional malware. Cybercriminals use it spear phishing attacks – where cybercriminals customize emails and payloads to target specific people. It's often used in spear phishing attacks, where cybercriminals can customize emails to target specific people. "Malicious resumes used to spread more_eggs malware anew" www.scmagazine.com (Jun. 11, 2024)

Commentary

Malware distribution via social media is a real threat. Organizations that solicit potential employees or subcontractors through social media should closely review their protocols on postings and resumé attachments via email or text. 

A typical resume/job seeker attack uses both malware and social engineering techniques to bypass normal security protocols. The phishing emails purport to be from a job seeker, with a variation of a message to the effect of: "Hello, I saw your website and I'm interested in a position. Please see my attached resumé." The message is intended for hiring managers or the HR department, and contains an attached Microsoft Word document called "resumé." This attachment, in actuality, delivers malware and uses several counter-detection measures.

Human resource personnel and those who perform hiring duties within an organization should not open attachments, including resumés, unless the document is expected from a known source. Unexpected and/or unrequested resumés should be viewed as spam and discarded.

The use of third-party services to vet resumés is also a good use of corporate resources, helping shield your organization from malware exposure.

Finally, your opinion is important to us. Please complete the opinion survey:

Download Video: MP4 WebM

Twitter


This site uses essential/technical cookies to function. Cookies allow us to provide the best experience possible and must be enabled to use this site properly. By continuing to use this site, you agree to our use of cookies. Please see our Privacy Policy or How to Enable Cookies for more information.

An error has occurred. We have been notified and are working to resolve the problem. Please return to the front page and try this action again later.

Error!

An Error has ocurred on this site.

The error has been reported to our programmers and we are working to correct it. We generally get errors fixed overnight, so please feel free to try this action again tomorrow.