According to a report by Gizmodo, hackers are using a sophisticated campaign to target users’ devices. The report cites research published by eSentire, a cybersecurity solutions provider.
eSentire has warned users that a hacking group is targeting “business professionals on LinkedIn with fake job offers in an effort to infect them with a sophisticated backdoor Trojan.”
What is a backdoor trojan? It’s a form of malware that gives hackers remote access and control over the victim’s computer and allows them to send, receive, launch and even delete files.
The hackers, as per the report, are connected to a group called Golden Chickens.
How are hackers targeting LinkedIn users?
The hackers send a user a direct message (DM) containing some kind of job offer. The offer is fake and comes with an attached .zip file. The .zip file contains hidden malware that helps the hackers target and control the victim’s device. eSentire explains how the whole process works: “If the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end).” “Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs,” the report adds.
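The naming pattern in the eSentire quote (the recipient's own job title followed by "position", delivered as a .zip) can be turned into a simple mail or message-attachment check. The following Python sketch is an added example, not eSentire's or LinkedIn's detection logic; the function names and the sample file names are constructed for illustration, and the match rule is an assumption based only on the pattern quoted above.

```python
import re
import unicodedata
from pathlib import PurePath

# The report describes .zip attachments only.
ARCHIVE_EXTS = {".zip"}


def _normalize(text):
    """Fold case, Unicode dashes, underscores and spacing so variants compare equal."""
    text = unicodedata.normalize("NFKC", text)
    text = re.sub(r"[\u2010-\u2015\u2212]", "-", text)  # hyphen/en/em dash -> '-'
    text = re.sub(r"\s*-\s*", "-", text)                # drop spaces around dashes
    text = re.sub(r"[\s_]+", " ", text)                 # underscores/runs of spaces
    return text.strip().lower()


def is_job_title_lure(attachment_name, job_title):
    """True if the attachment is a .zip named '<recipient job title> position'."""
    path = PurePath(attachment_name)
    if path.suffix.lower() not in ARCHIVE_EXTS:
        return False
    title = _normalize(job_title)
    if not title:
        return False  # no title on record, nothing to compare against
    return _normalize(path.stem) == f"{title} position"


def flag_attachments(attachment_names, job_title):
    """Return the attachment names that match the lure pattern for this recipient."""
    return [n for n in attachment_names if is_job_title_lure(n, job_title)]


if __name__ == "__main__":
    # Constructed sample data: job title taken from the eSentire quote.
    title = "Senior Account Executive—International Freight"
    names = [
        "Senior Account Executive—International Freight position.zip",
        "senior_account_executive - international_freight_POSITION.ZIP",
        "Senior Account Executive—International Freight.zip",
        "Q3 invoices.zip",
    ]
    for hit in flag_attachments(names, title):
        print("review before opening:", hit)
```

A match is a reason to quarantine the archive for review, not proof of infection; the check needs the recipient's listed job title from a directory or HR source.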
The more_eggs malware, according to Rob McLeod, senior director at eSentire, is particularly worrisome as it has three elements which make it a “formidable threat to businesses and business professionals.” It is dangerous because it is hard for anti-virus tools and other security solutions to detect. “Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times,” explained McLeod.
LinkedIn responded to the issue in a statement to Gizmodo. “Millions of people use LinkedIn to search and apply for jobs every day — and when job searching, safety means knowing the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and how to spot fraud. We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site,” LinkedIn said.