this post was submitted on 26 Oct 2025
27 points (100.0% liked)

blueteamsec


For [Blue|Purple] Teams in Cyber Defence - covering discovery, detection, response, threat intelligence, malware, offensive tradecraft and tooling, deception, reverse engineering etc.

[–] ook@discuss.tchncs.de 1 point 1 week ago

Dang, that's vile.

[–] jjjalljs@ttrpg.network 1 point 1 week ago

Well that's terrifying.

I don't think I'd want to run code from people I don't know on my host machine. It mentions virtual machine detection. Hopefully it can't break out of that.

[–] fubarx@lemmy.world 1 point 1 week ago

That is very clever and truly evil. It can work for pretty much any supply-chain attack for any language as long as you request installation of a downloaded component.

The part where, on Windows, it randomly asks for Admin permissions until you agree shows how users have been trained in security theater to just say "Yes" to every prompt.

In two critical stages, though, it bails out on a Mac. Wonder why? You can easily install "start at login" software. If I had to guess, MacOS signals the user that a login item has been installed and that breaks the silent infiltration.