Tag Archive for: LinkedIn

Safari Zero-Day Used in Malicious LinkedIn Campaign – Threatpost




Hackers are hiding malware in fake LinkedIn job offers


New Delhi: Cybercriminals are hiding malware in fake LinkedIn job offers, according to a new report by security firm eSentire. The company’s threat response unit (TRU) has discovered that hackers are hiding malicious zip files in fake job offers on the professional social media platform, in a new form of spearphishing attack.

“For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs,” the company said in a blog post.


According to eSentire’s TRU, the malware installs a “sophisticated backdoor” that can provide hackers access to the victim’s computer. They sell these backdoors as a malware-as-a-service (MaaS) to other cybercriminals, who can use it to steal user data. Once the malware is on a victim’s computer, it can allow cybercriminals to install ransomware, credential stealers, banking malware, or another backdoor on the affected computer.

The malware presents a decoy Word document to the victim, which looks like an employment application but serves “no functional purpose”. It does so while hijacking legitimate Windows processes that give the malware access to the victim’s computer. “It is merely used to distract the victim from the ongoing background tasks of more_eggs,” the firm said.

Robb McLeod, senior director at the TRU, said the malware poses a “formidable threat to businesses and business professionals”. It’s not picked up by regular anti-virus software and security solutions since it uses normal Windows processes. Users are also more likely to download the malware since it’s hidden inside a job posting that they are already interested in. “It is a perfect time to take advantage of job seekers who are desperate to find employment,” the firm said. “Thus, a customised job lure is even more enticing during these troubled times,” it…


Hackers target LinkedIn users with fake job offers



A hacking group is spear phishing business professionals on LinkedIn with fake job offers to get remote control over the victim’s computer, according to researchers at eSentire.

Spear phishing is an email or electronic communications scam in which a victim receives an email that leads them to a fake website infected with malware. The aim of the attack is to steal data or install malware on victims’ devices.

According to researchers, hackers are spear phishing with a malicious zip file using the job position listed on the target’s LinkedIn profile. For instance, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight, the malicious zip file would be titled Senior Account Executive—International Freight position.

Once users open the fake job offer, they initiate the installation of a fileless backdoor called ‘more_eggs’. Once loaded, the backdoor trojan can download additional malicious plugins and provide hands-on access to the victim’s computer.

Besides, it can infect the system with any type of malware including ransomware, credential stealers, banking malware, or simply use the backdoor as a foothold into the victim’s network so as to exfiltrate data.

More_eggs poses a significant threat to businesses as it uses normal Windows processes to run, meaning it is typically not going to be picked up by anti-virus and automated security solutions.

Cybercriminals are taking advantage of the rising unemployment rates since the COVID pandemic. Luring job seekers is more enticing in these times.


LinkedIn Job Offers May Actually Be Laced With Malware



With unemployment at formidable levels and the economy doing weird, covid-related reversals, I think we can all agree that the job hunt is a pretty hard slog right now. Amidst all that, you know what workers really don’t need? A LinkedIn inbox full of malware. Yeah, they don’t need that at all.

Nevertheless, that is apparently what some may be getting, thanks to one group of cyber-assholes.

Security firm eSentire recently published a report detailing how hackers connected to a group dubbed “Golden Chickens” (I’m not sure who came up with that one) have been waging a malicious campaign that preys on job-seekers’ desire for the perfect position.

These campaigns involve tricking unsuspecting business professionals into clicking on job offers that are titled the same thing as their current position. A message, slid into a victim’s DMs, baits them with an “offer” that is really rigged with a spring-loaded .zip file. Inside that .zip is a fileless malware called “more_eggs” that can help hijack a targeted device. Researchers break down how the attack works:

…If the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.

Whoever they are, the “Chickens” probably aren’t conducting these attacks themselves. Instead, they are peddling what would be classified as Malware-as-a-service (MaaS)—which means that other cybercriminals purchase the malware from them in order to conduct their own hacking campaigns. The report notes that it is unclear who exactly is behind the recent campaign.

A backdoor trojan like “more_eggs” is basically a program that allows other, more destructive kinds of malware to be loaded into the system of a device or computer. Once a criminal has used the trojan to gain a toehold into a victim’s system, they can then deploy other stuff like ransomware, banking malware, or credential…
