Hello, welcome to the Tuesday, April 6, 2021 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich,

and I'm recording from Jacksonville, Florida. Using job offers to gain individuals' trust is nothing

really new, but the latest campaign is using LinkedIn in order to come up

with more convincing, but still fairly mass-produced emails. In these emails, it essentially

just takes your job title from LinkedIn, adds offer to the subject, and then includes a zip file

that it hopes the mark will open, and this particular zip file will then install the

MooreX malware Trojan that can then be used to infiltrate a network.

Morex is fairly non-specific malware.

It's not really associated with a particular threat actor.

It is actually offered sort of as malware as a service.

So whoever would like to preach a certain type of organization can essentially hire the people behind

Morax in order to launch the attack. This is, of course, a very spammy email and probably not going

to trick a lot of people that are listening to this podcast. I just want to point out that this sort of a recurring theme

where job offers, even sometimes job offers made in person or over the phone, are being used

to sort of steal information. This is a very difficult balance sometimes to find. I also talk to

people that essentially aren't able to

look for a job anymore because they consider any offer that comes in a potential trick to

solicit information from them. In general, stay with trusted recruiters and of course that's where social networking sometimes helps, is to build

up a network that is able to assist you if you're looking for a job.

And if you've got an interesting exploit for an older vulnerability CVE 2019, 8761. The vulnerability itself was patched in October of 2019, but I haven't

really seen an exploit for it and it's kind of interesting. As opening a simple text file in Apple's

text edit could lead to the exfiltration of arbitrary files.

...