Cybercriminals are posing as jobs eekers, creating fake LinkedIn profiles and resume sites, to target recruiters and HR
managers. Once they gain trust, victims are invited to view a resume that appears harmless but secretly delivers a
Windows shortcut (.LNK) file. Opening it installs the “More Eggs” backdoor, which steals login credentials, executes
commands, and delivers additional payloads. The operation is hosted on AWS and GoDaddy-registered domains, and
is promptly removed once detected.
Hiring Tips Blog
