LinkedIn is a professional platform that people use mostly to find job opportunities. Taking advantage of this, hackers are now using the Microsoft-owned platform to infect people’s devices with malware.
They do this by sending people fake job offer messages, something everyone is bound to be attracted to. Here’s what this is all about and how you can remain safe.
Do not fall for the fake job offers on LinkedIn
As discovered by security firm eSentire, hackers (belonging to the group “Golden Chickens”) are targeting people with fake job offers on LinkedIn to infect them with a backdoor trojan.
For the uninitiated, a backdoor trojan is a type of malware that provides hackers with remote access to people’s smartphones, computers, and more to get access to their personal data.
The job offer messages contain a “.zip” file that carries the trojan. The blog post gives an example of this by saying, “if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end).”
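The naming pattern described above can be checked mechanically before an attachment is opened. The following Python is an added example, not code from eSentire or from the original article; the message fields (`recipient`, `recipient_title`, `attachments`) and the sample messages are hypothetical and constructed for illustration.

```python
import re
import unicodedata

ARCHIVE_EXTS = (".zip",)  # the article only mentions .zip attachments

def _normalize(text):
    """Lower-case, treat dash variants and underscores as spaces, drop punctuation."""
    text = unicodedata.normalize("NFKC", text).lower()
    text = re.sub(r"[\u2010-\u2015\-_]+", " ", text)  # hyphen, en/em dash, underscore
    text = re.sub(r"[^\w\s]", " ", text)
    return " ".join(text.split())

def is_job_title_lure(attachment_name, job_title):
    """True when a .zip attachment is named '<recipient's job title> position'."""
    stem, dot, ext = attachment_name.rpartition(".")
    if not dot or "." + ext.lower() not in ARCHIVE_EXTS:
        return False
    title = _normalize(job_title)
    return bool(title) and _normalize(stem) == title + " position"

def flag_messages(messages):
    """Return (recipient, attachment) pairs that match the lure naming pattern."""
    hits = []
    for msg in messages:
        for name in msg["attachments"]:
            if is_job_title_lure(name, msg["recipient_title"]):
                hits.append((msg["recipient"], name))
    return hits

# Constructed sample messages (hypothetical field names, not real data).
SAMPLE = [
    {"recipient": "alice",
     "recipient_title": "Senior Account Executive—International Freight",
     "attachments": ["Senior Account Executive - International Freight position.zip"]},
    {"recipient": "bob", "recipient_title": "Security Engineer",
     "attachments": ["Q3 report.zip", "security_engineer_position.ZIP"]},
    {"recipient": "carol", "recipient_title": "Data Analyst",
     "attachments": ["Data Analyst position.pdf"]},
]

if __name__ == "__main__":
    for recipient, name in flag_messages(SAMPLE):
        print(f"review before opening: {recipient}: {name}")
```

A match is only a reason to hold the attachment for review; a file with a different name is not thereby safe.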
What happens if the file is downloaded?
If the file is opened, installation of the trojan, named “more_eggs”, is initiated. This will download more malicious plugins and provide the cybercriminals with “hands-on” access to the victims’ devices.
Once all this happens, the devices can be injected with various kinds of malware that can steal people’s data, financial information, sensitive information, and more.
The trojan is particularly worrisome for three major reasons. Firstly, anti-virus solutions can’t detect it as it uses normal Windows processes to run. Secondly, the lure includes the victim’s job position, which increases the chances of people opening it. Thirdly, with people losing their jobs due to the COVID-19 pandemic, a job offer comes across as attractive.
It is further revealed that the Golden Chickens threat group is associated with notable advanced threat groups, such as FIN6, Cobalt Group and Evilnum. This makes the trojan stealthy.
To stay safe, it’s a best practice to stick to job opportunities from legitimate sources and not to open attachments from suspicious sources.