Hackers Target Job Hunters with Dangerous Windows Backdoor - How to Stay Safe

Hackers Target Job Hunters with Dangerous Windows Backdoor - How to Stay Safe

Just looking for a new job is hard enough, but now hackers are using a phishing campaign to infect job seekers with a new Windows-based backdoor

As reported by The Hacker News, the backdoor in question is called WARMCOOKIE by researchers at cybersecurity firm Elastic Security Labs According to a new report, it is used to "scout the victim's network and deploy additional payloads"

Once installed on a victim's PC, the backdoor can fingerprint the infected machine, capture screenshots, and drop other Windows malware onto the system

Here is everything you need to know about this new Windows backdoor and how to stay safe when looking for a new job online

The campaign began at the end of April and uses emails claiming to be from recruiting firms such as Hays, Michael Page, and PageGroup in its attack chain These emails attempt to entice recipients to click on embedded links to view additional information about job openings

If potential victims click on the links contained in these emails, they are instructed to solve a CAPTCHA challenge and download a document In doing so, a malicious JavaScript file is downloaded to their PC It is worth noting that the campaign uses the compromised website to host the initial phishing URL, which is then used to redirect potential victims to a malicious landing page

According to Elastic, this obfuscated script executes PowerShell and loads the WARMCOOKIE backdoor onto the victim's PC This backdoor goes through a two-step process to establish persistence on the infected PC, but before it does so, it runs anti-analysis checks to avoid detection

Besides retrieving information from the infected PC, WARMCOOKIE can read and write files, execute commands using cmdexe, compile a list of installed applications, and capture screenshots

This backdoor does not use automation to install malware on Windows PCs Instead, it leads the victim through various prompts that conceal the hacker's intentions behind this campaign, ultimately compromising the victim's computer and infecting it with malware

There are many different types of Windows malware, but fortunately, the steps you should take to keep yourself and your PC safe are common regardless of the type of malware

To start, make sure that Windows Defender is enabled and up-to-date This free antivirus software is preinstalled on all Windows 10 and Windows 11 PCs, just as Apple bundles its own X-Protect antivirus software with macOS However, for further protection and useful additional features like VPN and password managers, you should also consider installing one of the best antivirus software suites

From here, special attention should be paid to checking the inbox This requires careful scrutiny of the sender's e-mail address to ensure that it is legitimate and avoid downloading attachments or clicking on links from unknown senders Hackers use malicious documents and other fake attachments as an entry point into your PC, so if you do not know the sender, you should not download anything sent to you

When it comes to staying safe while job hunting, stick to reputable and trusted sites and services such as Indeed, LinkedIn, ZipRecruiter, Monster, and GlassDoor Likewise, if possible, use your existing connections to see if there are any new positions or opportunities available before going to job sites to look for work

WARMCOOKIE may be a newly discovered backdoor, but it is quickly gaining popularity among hackers and other cybercriminals because it provides an easy way to infect vulnerable PCs with other types of malware As such, this will not be the last time we hear of this particular backdoor being used in a cyber attack

Categories