<ul data-eligibleForWebStory="true"><li>Hackers are using fake jobseeker personas to spread malware targeting recruiters and HR managers.</li><li>DomainTools identified FIN6 creating fake LinkedIn profiles and resume websites anonymously hosted on AWS.</li><li>The hackers build rapport with targets before sharing resume websites that filter visitors based on OS and connection type.</li><li>Recruiters served a .ZIP archive, thinking it contains a resume, but it actually drops the 'More Eggs' backdoor.</li><li>The 'More Eggs' malware can execute commands, steal credentials, deliver payloads, and use social engineering.</li><li>AWS acknowledges the findings and stresses that such campaigns violate its terms of service.</li></ul>

Hackers are now pretending to be jobseekers to spread malware

Discover more