New Delhi: Cybercriminals are hiding malware in fake LinkedIn job offers, according to a new report by security firm eSentire. The company’s threat response unit (TRU) has discovered that hackers are hiding malicious zip files in fake job offers on the professional social media platform, in a new form of spearphishing attack.
“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs,” the company said in a blog post.
According to eSentire’s TRU, the malware installs a “sophisticated backdoor” that can provide hackers access to the victim’s computer. The hackers sell the backdoor as malware-as-a-service (MaaS) to other cybercriminals, who can use it to steal user data. Once the malware is on a victim’s computer, it can allow cybercriminals to install ransomware, credential stealers, banking malware, or another backdoor on the affected computer.
The malware presents the victim with a decoy Word document that looks like an employment application but serves “no functional purpose”. “It is merely used to distract the victim from the ongoing background tasks of more_eggs,” the firm said. While the decoy is on screen, the malware hijacks legitimate Windows processes that give it access to the victim’s computer.
Robb McLeod, senior director at the TRU, said the malware poses a “formidable threat to businesses and business professionals”. It’s not picked up by regular anti-virus software and security solutions since it uses normal Windows processes. Users are also more likely to download the malware since it’s hidden inside a job posting that they are already interested in. “It is a perfect time to take advantage of job seekers who are desperate to find employment,” the firm said. “Thus, a customised job lure is even more enticing during these troubled times,” it…