“More_eggs is a modular JavaScript backdoor offered as malware-as-a-service that allows for command execution, credential theft, and follow-on payload delivery, often operating in memory to evade detection,” researchers explained.
The effectiveness of simple tactics
The campaign demonstrates how effective targeted phishing techniques can be when combined with cloud infrastructure and sophisticated evasion methods. The success of these attacks highlights the ongoing challenge organizations face in defending against threats that exploit human psychology rather than technical vulnerabilities.
“FIN6’s Skeleton Spider campaign shows how effective low-complexity phishing campaigns can be when paired with cloud infrastructure and advanced evasion,” the report said. “By using realistic job lures, bypassing scanners, and hiding malware behind CAPTCHA walls, they stay ahead of many detection tools.”
