: Distributed via social engineering, frequently through LinkedIn or WhatsApp messages offering fake job opportunities at high-profile firms [1, 3]. Execution Chain :
Once extracted and run, it employs —using a legitimate application to load a malicious DLL—to bypass security software [4, 5]. PoolFun_2.7z
The file is typically used in "Job Seeker" or "Lure" campaigns, where attackers pose as recruiters to trick professionals into downloading and executing malware [1, 3]. Key Technical Features : Distributed via social engineering
The .7z archive contains a decoy document (e.g., a PDF resume) and a malicious executable [2]. PoolFun_2.7z