top of page

How Online Job Ads are Endangering HR


If you’ve been involved at any level of the hiring and onboarding process, you know just how time consuming and expensive it can become to find qualified and motivated candidates who fit in with the rest of the team. Depending on the roles you’re filling, degrees or experience expected, and average turnover within the organization, this can be a costly process that doesn’t need to become further muddled by malicious digital threats.

Alas, that’s exactly what seems to be happening to some unfortunate hiring managers in America lately.

How Are Threats Getting In?

If you’ve undergone any amount of phishing training with your organization, it likely hammered home just how unwise it is to click on unknown links or anything from a sender you don’t recognize if you weren’t expecting correspondence.

The problem lies in that latter piece: When you’re a hiring manager, you expect people to send in resumes or attach links to their websites via email. Meanwhile, email attachments act as the entry point in two-thirds of malware attacks. Therein lies the problem currently faced by HR departments that are looking for new hires all the time.

This is a reverse of some similar attacks we’ve seen before: Anyone on the job market since the Internet age can testify receiving some messages from so-called job agencies and recruiters claiming they want to hire you for huge starting rates. Frankly, unsolicited job offers from industries outside of your expertise is an easy ruse to see through when you know how long it can take to stop the job hunt on purpose! This is perhaps why threat actors have decided to turn that ruse on its head and answer Help Wanted ads with malware instead of a CV, thereby taking the same concept and turning it back on businesses.

Who’s Behind The Threats?

One threat actor known as Golden Chickens has been identified. Their malware-as-a-service installs a secret zipfile called more_eggs that creates an entry point for hackers to both avoid antivirus detection and target more victims from within the system. The JavaScript backdoor that gets created accepts commands from the threat actor, thereby allowing them to wreak havoc on your system now that they’re inside.

Since it’s malware-as-a-service, that unfortunately means that Golden Chickens is not the only group with access to the threat package. Any criminal lurking on the Dark Web can purchase the code to deploy against their own victims.

We’ve seen this happen before. In 2019, the same more_eggs malware attacked e-commerce sites and online payment systems. Using this malware to steal private financial information seems to be common, as a cybercriminal team called Cobalt Group are also weaponizing more_eggs to target financial institutions.


There is a lot of malware floating around the Dark Web and up for sale as packaged code. To protect your financial and personal data, consider locking your accounts with multi-factor authentication and using a password manager to generate new, secure passkeys and storing them in an encrypted database so you don’t have to keep track in a more risky manner.

Protecting your data is no easy task. Strong antivirus software, pop-up and threat blockers, and firewalls help protect your system from an attempted breaches. Learning about the active cyber-threats to your business will help you to recognize and report threats before they seriously injure your or the company’s finances and private data.


0 views0 comments


bottom of page