Posted on May 23, 2021 at 10:23 AM
LinkedIn Users Targeted By Malware Campaign Via Fake Job Offers
A recent report has revealed that LinkedIn may be facing more security issues from outsiders trying to abuse its services. Threat actors are luring users using fake job offers to distribute malware.
According to the report, there are several spear-phishing campaigns currently being perpetuated by digital attackers who are tricking professionals to open a malware-containing zip file. The threat actors are using a systematic approach where they adverse similar job positions that fit the qualification of the professionals in a bid to get a quick response from them.
The .Zip file contains a backdoor known as more-eggs, which runs several malicious plugins and enables remote access to the victim’s computer.
The threat actors operate in a systematic manner
Researchers at eSentire cybersecurity firm obstructed the actions of one of the scammers. According to the researchers, the said threat actor had targeted a professional in the health care sector.
When the .Zip file was opened, the malware campaign ran VenomLNK for the preliminary stage of the more-eggs backdoor. As a result, the Windows Management Instrumentation in the files-attack chain was misused.
After the first stage of the backdoor was implemented, the attackers used the backdoor’s plugin loader, TerraLoader, to steal genuine Windows processes. The victim is them presented a fake document in its place.
The file then camouflaged as a genuine job application while more-eggs is working and gathering files in the background.
The attackers do not stop there with their malware. They also deploy the TerraLoader plugin to load a payload, establishing contact with the threat actors’ command-and-control server.
As a result, it allows the threat actors to install additional malware in the victim’s server using more-eggs. Once the extra malware such as ransomware is installed, they could stay within the affected system and steal more sensitive data.
Several other bogus jobs offers discovered on LinkedIn
Some other researchers have disclosed that several other threat actors are using similar phishing approaches to gain access to victim’s computers and steal sensitive information.
Proofpoint revealed that it discovered a similar attack in 2019 where the threat actors misused LinkedIn’s direct messaging service to set up communication with their targets.
They pretended to be communicating as staff of an established company and preached job offers to the victims. They established follow-up emails and asked victims to open a malicious attachment or visit a fake website. Whichever option was presented to the victims, they end up unknowingly letting the more-eggs malware into their system.
In January this year, some threat actors installed the ZeuS data theft malware in their victims’ computers via LinkedIn contact requests. Others sent scam messages to their victims, tricking them to share their banking details.
Other threat actors tricked users into opening a LinkedIn Private Shared Document using phishing messages.
Tom Guide reported that the messages redirected the users to a bogus login page that was meant to steal the account details of the victim.
Defending against Scams on LinkedIn
The LinkedIn phishing scams are similar to other phishing scams, and the same process is applied to prevent being a victim, according to security researchers. One way of defending against such attacks is for organizations to give their employees enough orientation about the nature of these scams and how to spot them.
The training can help most of these employees to spot new attacks targeting their systems, even if they are no longer working with the organization.
Organizations can also deploy security awareness training to keep their employees from exposing too much on their social media page. Some of the threat actors target a specific type of employee based on the information they collect from the target’s social media page. It will prevent threat actors from scouting potential targets using LinkedIn and for carrying out follow-up attacks.
The level of phishing attacks has also increased in recent times after many workers were displaced due to the impact of the Covid-19 pandemic. As a result, LinkedIn users have been advised to be very vigilant about any job offering on the platform and should not provide any personal details to anyone on social media unless they are personal acquaintances.