"LinkedIn Users Targeted by Spear-Phishing Campaign"

Security researchers from eSentire Threat Response Unit (TRU) are warning LinkedIn users to beware of unsolicited job offers after revealing a new spear-phishing campaign designed to install Trojan malware on their devices.  When a victim opens the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer.  The researchers also found that the threat group behind more_eggs is Golden Chickens.  Golden Chickens sells the backdoor under a malware-as-a-service (MaaS) arrangement to other cyber-criminals.  Once more_eggs is installed, Golden Chickens customers can use the backdoor to further their own campaigns by infecting with additional malware like ransomware, credential stealers, and banking Trojans warned eSentire.  The backdoor access could also be used to find and exfiltrate sensitive data from the victims’ machine.
 

Infosecurity reports: "LinkedIn Users Targeted by Spear-Phishing Campaign"