Once the file is opened, the victim unwittingly triggers the stealthy installation of the More_eggs backdoor, which can download additional malicious plugins and give the operators remote access to the device.
Golden Chicken sells the backdoor to other cyber criminals under a malware-as-a-service (MaaS) arrangement, a business made possible by More_eggs' ability to keep a low profile by abusing legitimate Windows processes rather than dropping its own conspicuous binaries.
Researchers with eSentire disrupted an active spear phishing incident in which a health tech professional downloaded and executed a malicious .ZIP file.
The researchers saw the victim unwittingly activate VenomLNK, the initial stage of More_eggs, which abused Windows Management Instrumentation (WMI) to launch the plugin loader, TerraLoader. TerraLoader, in turn, hijacks the legitimate cmstp and regsvr32 processes to run its payloads.
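The chain described above (WMI launching a loader that then abuses the signed cmstp and regsvr32 binaries) leaves a recognisable shape in process-creation telemetry. The following is an added example of detection logic written for this article; it is not eSentire's code or anything from the More_eggs analysis. It assumes process events have already been normalised into parent image, image and command line (the field names are my own), and the two heuristics it applies (a cmstp/regsvr32 child of the WMI provider host, and either binary given a URL or user-writable path as an argument) are illustrative assumptions, not a complete signature. The sample events are constructed.

```python
"""Heuristic detection of cmstp/regsvr32 abuse launched via WMI (added example)."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """Minimal normalised process-creation record (field names are assumed)."""
    parent_image: str
    image: str
    command_line: str


# Signed Windows binaries the article says TerraLoader hijacks.
ABUSED_LOLBINS = {"cmstp.exe", "regsvr32.exe"}

# WMI Provider Host: on a workstation, cmstp/regsvr32 children of this process are unusual.
WMI_HOST = "wmiprvse.exe"

# Arguments pointing at a URL or at a user-writable/temporary location are suspicious
# for these binaries, which normally operate on files under Program Files or System32.
SUSPICIOUS_ARG = re.compile(r"(https?://|\\temp\\|\\appdata\\|\\downloads\\)", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def classify(event: ProcEvent) -> list[str]:
    """Return the list of findings for one event (empty when nothing matches)."""
    findings = []
    img = basename(event.image)
    if img not in ABUSED_LOLBINS:
        return findings
    if basename(event.parent_image) == WMI_HOST:
        findings.append(f"{img} spawned by WMI provider host")
    if SUSPICIOUS_ARG.search(event.command_line):
        findings.append(f"{img} invoked with URL or user-writable path argument")
    return findings


def scan(events: list[ProcEvent]) -> list[tuple[int, str]]:
    """Run classify() over a batch; returns (event index, finding) pairs."""
    return [(i, f) for i, e in enumerate(events) for f in classify(e)]


# Constructed sample telemetry: one benign installer-driven regsvr32, two events shaped
# like the WMI -> loader -> LOLBin chain, and one unrelated process.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\msiexec.exe",
              r"C:\Windows\System32\regsvr32.exe",
              r'regsvr32.exe /s "C:\Program Files\Vendor\plugin.dll"'),
    ProcEvent(r"C:\Windows\System32\wbem\WmiPrvSE.exe",
              r"C:\Windows\System32\cmstp.exe",
              r"cmstp.exe /s C:\Users\victim\AppData\Local\Temp\setup.inf"),
    ProcEvent(r"C:\Windows\System32\wbem\WmiPrvSE.exe",
              r"C:\Windows\System32\regsvr32.exe",
              r"regsvr32.exe /s C:\Users\victim\AppData\Local\Temp\loader.dll"),
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\notepad.exe",
              "notepad.exe"),
]

if __name__ == "__main__":
    for idx, finding in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

The benign event (a vendor installer registering a DLL under Program Files) produces no finding, while both WMI-spawned events trigger two findings each. In practice the parent-process rule is the higher-fidelity signal; the path heuristic on its own will fire on some legitimate software and is better used as an enrichment than as an alert by itself.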