{"id":121261,"date":"2021-04-06T03:22:18","date_gmt":"2021-04-06T10:22:18","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2021\/04\/hackers-targeting-professionals-with-more_eggs-malware-via-linkedin-job-offers"},"modified":"2021-04-06T03:22:18","modified_gmt":"2021-04-06T10:22:18","slug":"hackers-targeting-professionals-with-more_eggs-malware-via-linkedin-job-offers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2021\/04\/hackers-targeting-professionals-with-more_eggs-malware-via-linkedin-job-offers","title":{"rendered":"Hackers Targeting professionals With \u2018more_eggs\u2019 Malware via LinkedIn Job Offers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/hackers-targeting-professionals-with-more_eggs-malware-via-linkedin-job-offers2.jpg\"><\/a><\/p>\n<p>A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called \u201cmore_eggs.\u201d<\/p>\n<p>To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims\u2019 job titles taken from their LinkedIn profiles.<\/p>\n<p>\u201cFor example, if the LinkedIn member\u2019s job is listed as Senior Account Executive\u2014International Freight the malicious zip file would be titled Senior Account Executive\u2014International Freight position (note the \u2018position\u2019 added to the end),\u201d cybersecurity firm eSentire\u2019s Threat Response Unit (TRU) <a href=\"https:\/\/www.esentire.com\/security-advisories\/hackers-spearphish-professionals-on-linkedin-with-fake-job-offers-infecting-them-with-malware-warns-esentire\" rel=\"noopener\" target=\"_blank\">said<\/a> in an analysis. \u201cUpon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new spear-phishing campaign is targeting professionals on LinkedIn with weaponized job offers in an attempt to infect targets with a sophisticated backdoor trojan called \u201cmore_eggs.\u201d To increase the odds of success, the phishing lures take advantage of malicious ZIP archive files that have the same name as that of the victims\u2019 job titles taken [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-121261","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/121261","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=121261"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/121261\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=121261"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=121261"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=121261"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}