Recruiters Beware: Cyber Crooks Flip the Script with Fake Job Seeker Malware!
FIN6’s Skeleton Spider campaign targets recruiters with fake job seeker profiles on LinkedIn and Indeed, using AWS-hosted phony portfolio sites to deliver More_eggs malware. The crooks trick targets into downloading malicious ZIP files, showcasing how low-complexity phishing paired with cloud infrastructure keeps them ahead of detection tools.
Hot Take:
Oh, how the tables have turned! Recruiters, often the unsung heroes of the job market, have found themselves the latest targets of a cyber plot that could only be concocted by a gang named after a creepy-crawly. FIN6 has flipped the job market script, and now it’s the recruiters who need to watch out for fake resumes—because who knew they’d be the victims of job seekers with a hidden agenda? Maybe next time, they’ll think twice before demanding 10 years of experience for an entry-level job!
Key Points:
- FIN6, also known as Skeleton Spider, has launched a new social engineering campaign targeting recruiters with malware.
- The scam involves fake job seekers on LinkedIn and Indeed directing recruiters to malicious portfolio sites.
- These sites are hosted on AWS and require CAPTCHA verification to download a malware-laden ZIP file.
- The malware, More_eggs, allows remote command execution and credential theft.
- The campaign cleverly bypasses security features by not hyperlinking malicious domains in phishing emails.