This may make it a bit harder for those legitimately seeking jobs on LinkedIn. Daryna Antoniuk reports:
Cybercriminals from the long-running FIN6 group are posing as job seekers on platforms like LinkedIn to infect recruiters with malware delivered through fake resumes, according to a new report.
Recruitment scams are common among cybercrime gangs, but this is a new tactic for FIN6, which is better known for stealing payment card data and breaching point-of-sale (PoS) systems in the hospitality and retail sectors, researchers at security firm DomainTools said.
In their latest campaign, the hackers — also tracked as Skeleton Spider — initiate interactions with recruiters on platforms such as LinkedIn and Indeed and, after gaining their trust, send malicious phishing emails that deliver a backdoor known as MoreEggs.
Read more at The Record.