Skip to main content

This spear-phishing LinkedIn scam is targeting job hunters

(Image credit: Image Credit: Geralt / Pixabay)

People hunting for jobs on LinkedIn are being hunted themselves, by cybercriminals. A new report from cybersecurity company eSentire claims a group of hackers that call themselves Golden Chickens are using LinkedIn to distribute a fileless backdoor known as more_eggs.

The modus operandi is quite simple; the group looks for people hunting for jobs, and sends them a .ZIP file supposedly linked with a job application.

Should the victim open the file, the more_eggs fileless backdoor is stealthily installed. The backdoor allows criminals access to the system and enables further installation of malware or ransomware.

eSentire described more_eggs as a “formidable threat to businesses and business professionals” as it is able to circumvent traditional antivirus (opens in new tab) solutions and allows attackers to steal credentials or exfiltrate sensitive data. Furthermore, with the Covid-19 situation leaving many people jobless, the scam is likely to be even more successful than usual. 

The Golden Chickens group is also selling the more_eggs backdoor as a service, analysts have found, with other groups such as FIN6 or Evilnum spotted using it. 

The precise motive is currently unclear, however, as there’s very little value in targeting an unemployed individual. Experts are speculating that criminals may be laying the groundwork to attack their future employers.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.