CyberSecurity news
@arcticwolf.com
Arctic Wolf Labs has identified a spear-phishing campaign orchestrated by the financially motivated threat group known as Venom Spider. The campaign targets hiring managers by abusing legitimate messaging services and job platforms. Attackers submit fake job applications with malicious resumes, leveraging an updated backdoor called More_eggs.
The fake resumes are designed to deliver the More_eggs backdoor onto the devices of unsuspecting HR personnel. Once installed, the backdoor allows the attackers to perform a variety of malicious activities, including stealing credentials, customer payment data, intellectual property, and trade secrets.
Arctic Wolf warns that the updated More_eggs malware is more sophisticated, making it harder to detect than previous versions. The company advises CISOs to warn HR staff about this ongoing threat and to implement measures to identify and block these malicious resumes. Notably, the threat actors are using msxsl.exe, a legitimate Microsoft Command Line Transformation Utility, to execute the backdoor.
References:
- Arctic Wolf: Venom Spider Uses Server-Side Polymorphism to Weave a Web Around Victims
- Know Your Adversary: 125. Hunting for More_eggs Backdoor
- www.csoonline.com: Fake resumes targeting HR managers now come with updated backdoor
- securityaffairs.com: Arctic Wolf details recent campaign by Venom Spider targeting hiring managers with spear-phishing emails abusing messaging services and job platforms.
- arcticwolf.com: Arctic Wolf® observed a recent campaign by the financially motivated threat group Venom Spider targeting hiring managers with spear-phishing emails.
Classification:
- HashTags: #CyberSecurity #Phishing #More_eggs
- Company: Arctic Wolf
- Target: Hiring Managers
- Attacker: Venom Spider
- Product: Hiring Platforms
- Feature: Spear-Phishing
- Malware: More_eggs
- Type: Malware
- Severity: Medium