WARMCOOKIE backdoor
This campaign began at the end of April and uses emails that claim to come from recruitment firms such as Hays, Michael Page and PageGroup in its attack chain. These emails try to entice recipients into clicking on an embedded link to view additional details about a job opportunity.
If a potential victim does click on the link contained in these emails, they are then told to download a document by solving a CAPTCHA challenge. Doing so drops a malicious JavaScript file on their PC. It’s worth noting that this campaign uses compromised websites to host its initial phishing URLs, which are then used to redirect potential victims to malicious landing pages.
According to Elastic, this obfuscated script runs PowerShell and loads the WARMCOOKIE backdoor onto the victim’s PC. The backdoor follows a two-step process that allows it to establish persistence on the now-compromised PC, but before doing so it performs anti-analysis checks to avoid being detected.
How to stay safe from Windows malware
Windows malware comes in many different forms, but fortunately the steps you can take to keep yourself and your PC safe remain the same across different malware strains.
For starters, you want to ensure that Windows Defender is enabled and up to date. This free antivirus software comes pre-installed on all Windows 10 and Windows 11 PCs in the same way that Apple includes its own XProtect antivirus software with macOS. For additional protection, though, and some useful extras like a VPN or password manager, you should also consider installing one of the best antivirus software suites to run alongside it.
From here, you want to be extra careful when checking your inbox. This involves carefully scrutinizing senders’ email addresses to make sure they are legitimate and avoiding downloading any attachments or clicking on links from unknown senders. Hackers use malicious documents and other bogus attachments as an entryway into your PC, so if you don’t know the sender, you should avoid downloading anything that’s sent to you.
As for staying safe during a job hunt, you want to stick to established and trusted sites and services like Indeed, LinkedIn, ZipRecruiter, Monster and Glassdoor. Likewise, if possible, you should try to use your existing connections to see if there are any new positions or opportunities available before heading to a job site to look for work.