FIN6 is a threat group that typically targets multinational financial organizations and job seekers. Now the group has changed tactics, impersonating job seekers in order to target the people who do the hiring. In the spear-phishing campaign, the attackers spread the “more_eggs” backdoor, which can execute secondary malware payloads. The more_eggs backdoor is part of Golden Chickens, a malware-as-a-service (MaaS) toolkit. Several factors allow this malware to slip past anti-malware detection. In the attacks, an HR employee receives a fake resume for an open position. When the resume is downloaded, it executes a .lnk file, resulting in a more_eggs infection.
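As an added example (not from the report above or from any vendor tooling), the following Python triage helper flags the delivery vector described here from the defender's side: it identifies Windows shortcut (.lnk) content by its MS-SHLLINK header regardless of the file extension, notes when the shortcut carries an embedded command line, and scans an attachment archive for such files. The ZIP archive and the "resume" entry it contains are constructed inline for the demonstration; the filenames are invented placeholders.

```python
import io
import zipfile

# MS-SHLLINK fixed header: HeaderSize (0x4C, little-endian) followed by the
# LinkCLSID 00021401-0000-0000-C000-000000000046 in on-disk GUID byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")


def is_lnk(data: bytes) -> bool:
    """True if the blob starts with a shell-link header, whatever its name says."""
    return data[:20] == LNK_MAGIC


def has_arguments(data: bytes) -> bool:
    """LinkFlags sits at offset 0x14; bit 0x20 (HasArguments) means a command line is embedded."""
    if len(data) < 0x18:
        return False
    flags = int.from_bytes(data[0x14:0x18], "little")
    return bool(flags & 0x20)


def triage_attachment(name: str, data: bytes) -> list:
    """Return a list of finding tags for one attachment (empty list = nothing notable)."""
    findings = []
    lowered = name.lower()
    if is_lnk(data):
        findings.append("shell-link-header")
        if not lowered.endswith(".lnk"):
            findings.append("extension-mismatch")   # shortcut disguised as another type
        if has_arguments(data):
            findings.append("embedded-command-line")
    if lowered.endswith(".lnk") and lowered.count(".") > 1:
        findings.append("double-extension")         # e.g. something.pdf.lnk
    return findings


def scan_zip(blob: bytes) -> dict:
    """Map each archive member with findings to its finding tags."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings = triage_attachment(info.filename, zf.read(info.filename))
            if findings:
                results[info.filename] = findings
    return results


def build_sample_zip() -> bytes:
    """Constructed sample: a benign text file plus a minimal shell-link blob named like a resume."""
    fake_lnk = LNK_MAGIC + (0x20).to_bytes(4, "little") + b"\x00" * 52  # 76-byte header, HasArguments set
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cover_letter.txt", "Dear hiring manager ...")
        zf.writestr("John_Doe_Resume.pdf.lnk", fake_lnk)
    return buf.getvalue()
```

Running `scan_zip(build_sample_zip())` reports only the disguised shortcut; in a mail-gateway or EDR pipeline the same check can be applied before the attachment ever reaches an HR mailbox.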