Rewterz Threat Alert – Golden chickens and more eggs luring professionals through LinkedIn

Severity

Medium

Analysis Summary

Golden chickens is a threat group of cybercriminals that are using spear-phishing tactics to attack professionals on LinkedIn. The LinkedIn members receive attractive and enticing job offers that tempt them to open the attached ZIP files that initiate the stealth download of the “more_eggs” fileless backdoor. 

For instance, if your job listing on LinkedIn is “Digital Marketing Manager,” the job offer would be of a digital marketing managerial position. Upon opening the ZIP file, the malicious more_eggs backdoor will be installed automatically.

This malware can then fetch additional malware (banking malware) once downloaded and open access to the victim’s information and system. Moreover, the Golden chickens are selling more_eggs as malware-as-a-service to other cybercriminals. 

Malware-As-A-Service:

The malware also appeared in 2019 as it was used by the financial threat gang FIN6 to target various eCommerce companies. The malware was also used to attack pharmaceuticals, entertainment, and retail companies. 

Evilnum uses the Malware-As-A-Service to attack financial tech companies to gather critical and confidential information. 

Impact

• Interferes with Windows processes to disable antivirus protections and downloading updates.
• Enticing emails with fake job offers targets victims desperate for job offers.
• Stolen credentials and risk to financial information.

Remediation

• Installing antivirus solutions.
• Schedule and monitor antivirus updates.
• Deploy web filtering and encrypt company information
• Practice healthy security exercises and be vigilant while browsing LinkedIn