cover fokus sp panjang dalam isi penipuan online 169 (1) Mitra IT | Your Trusted & Reliable Software Solutions

OInstantly Empty Accounts, Get to Know the Latest Online Fraud Method

Jakarta, CNBC Indonesia A new online fraud method has been revealed again. This time, cybercriminals are posing as fake job seekers to trap recruiters and business owners. As a result, sensitive data is stolen until the account is hacked and the account contents can disappear instantly.

Quoting Tech Radar, Thursday (12/6/2025), the hacker group known as FIN6 uses this approach with increasingly sophisticated and convincing techniques. These cybercriminals build fake identities on LinkedIn and even create fake CV sites that look professional.

Cybersecurity researchers from DomainTools revealed that the CV site domains were purchased anonymously through GoDaddy, and hosted through Amazon Web Services (AWS) to make them difficult to detect and take down.

After building a connection with recruiters or HR managers through LinkedIn, the hackers then redirect communication to email and send a link to the fake CV site. This site is designed smartly, it can filter visitors based on the operating system and connection used.

If a visitor is detected using a VPN, macOS, or Linux, the site will display regular, harmless content. But if the visitor is considered an “ideal target”, for example a Windows user without a VPN, then the trap begins.

First, the victim is directed to fill in a fake CAPTCHA. After that, they are offered a .ZIP file that claims to be a resume. However, the file contains a malicious Windows shortcut, LNK file, which runs a script to download malware called “More Eggs”.

More Eggs is a very dangerous modular backdoor malware. It can run remote commands, steal login credentials, download additional malware, and run PowerShell without the victim’s knowledge.

This mode is very dangerous because it relies on social engineering and obfuscation techniques that are difficult to detect by standard security systems.

AWS said that they take violations like this seriously and routinely remove malicious content from their platform.

“AWS has clear requirements that require our customers to use our services in accordance with applicable laws,” said an AWS spokesperson.

“We value collaboration with the security research community and encourage researchers to report suspected abuse to AWS Trust & Safety through our dedicated abuse reporting process,” he said.

SOURCE : CNBC INDONESIA