FIN6 is running sophisticated phishing campaigns that use AWS infrastructure to deliver the More_eggs malware, often through fake resumes on job platforms. The group relies on domain privacy services and traffic filtering to evade detection while targeting e-commerce and payment systems. #FIN6 #More_eggs #Golden_Chickens #AWS #JokerStash
Key points
- FIN6 uses fake resumes on platforms like LinkedIn and Indeed to deliver malware.
- The More_eggs malware is linked to the Golden Chickens group and is capable of credential theft and ransomware deployment.
- FIN6 has a long history of targeting e-commerce sites to steal payment card data using JavaScript skimmers.
- The threat actors hide their infrastructure using domain privacy services and trusted cloud hosting.
- Phishing sites employ CAPTCHA and traffic filtering to ensure only targeted victims download the malware.
Read More: https://thehackernews.com/2025/06/fin6-uses-aws-hosted-fake-resumes-on.html