Hackers Target Job Hunters with Dangerous Windows Backdoor - How to Stay Safe

Just looking for a new job is hard enough, but now hackers are using a phishing campaign to infect job seekers with a new Windows-based backdoor.

As reported by The Hacker News, the backdoor in question is called WARMCOOKIE by researchers at cybersecurity firm Elastic Security Labs. According to a new report, it is used to "scout the victim's network and deploy additional payloads."

Once installed on a victim's PC, the backdoor can fingerprint the infected machine, capture screenshots, and drop other Windows malware onto the system.

Here is everything you need to know about this new Windows backdoor and how to stay safe when looking for a new job online.

The campaign began at the end of April and uses emails claiming to be from recruiting firms such as Hays, Michael Page, and PageGroup in its attack chain. These emails attempt to entice recipients to click on embedded links to view additional information about job openings.

If potential victims click on the links contained in these emails, they are instructed to solve a CAPTCHA challenge and download a document. In doing so, a malicious JavaScript file is downloaded to their PC. It is worth noting that the campaign hosts the initial phishing URL on a compromised website, which then redirects potential victims to a malicious landing page.

According to Elastic, this obfuscated script executes PowerShell and loads the WARMCOOKIE backdoor onto the victim's PC. This backdoor goes through a two-step process to establish persistence on the infected PC, but before it does so, it runs anti-analysis checks to avoid detection.
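The process lineage described above (a downloaded JavaScript file run by a script host, which then launches PowerShell) is something an endpoint log can expose. The following is an added detection example, not code from the article or from Elastic's report; the event records are constructed here to resemble Sysmon process-creation fields, and that field layout is an assumption.

```python
# Added example: flag PowerShell spawned by a script host (wscript/cscript)
# that was itself started with a .js file from a user-writable download
# location. Event dicts mimic Sysmon Event ID 1 fields (assumed schema).
import re
from typing import Dict, List

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SHELLS = {"powershell.exe", "pwsh.exe"}
DOWNLOAD_DIRS = ("\\downloads\\", "\\temp\\", "\\appdata\\local\\temp\\")
JS_FILE = re.compile(r"\.js\b")  # matches .js but not .json


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX style path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_script_to_powershell(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return PowerShell events whose parent is a script host that was
    launched with a .js file located in a download/temp directory."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if _basename(e["image"]) not in SHELLS:
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or _basename(parent["image"]) not in SCRIPT_HOSTS:
            continue
        cmd = parent["cmdline"].lower()
        if JS_FILE.search(cmd) and any(d in cmd for d in DOWNLOAD_DIRS):
            hits.append({"pid": e["pid"], "parent": parent["cmdline"], "child": e["cmdline"]})
    return hits


# Constructed sample events: one benign admin script (cscript -> powershell
# from C:\Scripts) and one chain matching the article (downloaded .js ->
# wscript.exe -> powershell.exe). Only the second should be flagged.
SAMPLE_EVENTS = [
    {"pid": "100", "ppid": "4", "image": "C:\\Windows\\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": "200", "ppid": "100", "image": "C:\\Windows\\System32\\wscript.exe",
     "cmdline": 'wscript.exe "C:\\Users\\alice\\Downloads\\Job_Description.js"'},
    {"pid": "300", "ppid": "200", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": 'powershell.exe -w hidden -c "<constructed placeholder>"'},
    {"pid": "400", "ppid": "100", "image": "C:\\Windows\\System32\\cscript.exe",
     "cmdline": 'cscript.exe "C:\\Scripts\\inventory.vbs"'},
    {"pid": "500", "ppid": "400", "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "cmdline": "powershell.exe -File C:\\Scripts\\report.ps1"},
]

if __name__ == "__main__":
    for hit in find_script_to_powershell(SAMPLE_EVENTS):
        print("ALERT: script host -> PowerShell:", hit)
```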

Besides retrieving information from the infected PC, WARMCOOKIE can read and write files, execute commands using cmd.exe, compile a list of installed applications, and capture screenshots.

The campaign does not rely on automated exploitation to install the backdoor. Instead, it walks the victim through a series of prompts (the CAPTCHA challenge and the document download) that disguise the attacker's intent, so that the victim's own actions end up compromising the computer and infecting it with malware.

There are many different types of Windows malware, but fortunately, the steps you should take to keep yourself and your PC safe are common regardless of the type of malware.

To start, make sure that Windows Defender is enabled and up to date. This free antivirus software is preinstalled on all Windows 10 and Windows 11 PCs, just as Apple bundles its own XProtect antivirus software with macOS. However, for further protection and useful additional features like a VPN and a password manager, you should also consider installing one of the best antivirus software suites.

From here, pay special attention to your inbox: scrutinize the sender's e-mail address to confirm that it is legitimate, and avoid downloading attachments or clicking on links from unknown senders. Hackers use malicious documents and other fake attachments as an entry point into your PC, so if you do not know the sender, you should not download anything sent to you.

When it comes to staying safe while job hunting, stick to reputable and trusted sites and services such as Indeed, LinkedIn, ZipRecruiter, Monster, and Glassdoor. Likewise, if possible, use your existing connections to see if there are any new positions or opportunities available before going to job sites to look for work.

WARMCOOKIE may be a newly discovered backdoor, but it is quickly gaining popularity among hackers and other cybercriminals because it provides an easy way to infect vulnerable PCs with other types of malware. As such, this will not be the last time we hear of this particular backdoor being used in a cyber attack.