Proofpoint has warned recruiters about a skilled threat actor that is using malicious emails to infect them.
The financially motivated threat actor TA4557 is known to distribute the More_Eggs backdoor, which is designed to establish persistence, profile the compromised system, and drop additional payloads.
In 2022 and early 2023, the actor responded to open job listings on third-party employment platforms. More recently, the actor has started contacting recruiters directly.
According to Proofpoint, in the attack chain that uses the new direct email approach, once the recipient replies to the initial email, the actor responds with a URL that leads to an actor-controlled website made to look like a prospective applicant's résumé.