Categories: AppsNews

Hackers Using LinkedIn DM To Drop Malware In Users’ Devices

Microsoft’s business social network, LinkedIn, is the target of a fake job offer campaign being used to spam users’ inboxes and drop malware on their devices.

Security company, Proofpoint, explains that the purpose of this attempt by cybercriminals is to deliver the More_eggs backdoor, which acts as a downloader, allowing attackers to deploy malware on the compromised host.

The firm says the malicious actors use ordinary looking LinkedIn profiles they create to reach out to their potential targets through short messages that highlight job opportunities.

via Proofpoint

These hackers return a few days later with direct emails to the work address given on LinkedIn to direct their targets to websites they claim host detailed information on the purported job ad.

Proofpoint researchers noted that the URLs given link to a landing page akin to that of a legit talent and staffing management company, even using stolen branding to enhance the campaign’s legitimacy.

These URLs may include PDF documents with fake details of the job, and point to malicious URLs.

Once the malware is downloaded, the website downloads a malicious Microsoft Word document laden with macros that are crafted specifically to download the More_eggs backdoor.

The fake campaign can get more complex, even using URL shorteners, password-protected Microsoft Word documents, or other attachments, depending on the attack.

Proofpoint explains that even “completely benign emails without malicious attachments or URLs” in an attempt to establish rapport further.

“This actor provides compelling examples of these new approaches, using LinkedIn scraping, multi-vector and multi-step contacts with recipients, personalized lures, and varied attack techniques to distribute the More_eggs downloader, which in turn can distribute the malware of their choice based on system profiles transmitted to the threat actor,” they added.

How to stay protected

The trick is to ignore such messages that point you to suspicious-looking websites, or that include attachments that pose risks of infection.

Additionally, make sure your security tools are always up-to-date.

Disqus Comments Loading...
Share
Published by
Biage Otachi

Recent Posts

The Best NBA Streaming Services of 2023: A Comprehensive Guide

Are you an NBA fanatic looking for the best ways to stream games in 2023?…

1 year ago

Vinland Saga Season 2: Your Ultimate Viewing Guide

The Wait is Over: What's New in Season 2? The anticipation has been intense, but…

1 year ago

How to Install Mods in GTA 5 Nintendo Switch

Ready to take your GTA 5 Nintendo Switch experience to the next level? You're in…

1 year ago

Zoro.to Troubleshooting: Proven Fixes for ‘Zoro.to Not Working’ Issues

Encountering roadblocks with your favorite streaming site, Zoro.to? If so, you've navigated to the right…

1 year ago

Elevate Your Mathematical Skill with Nerdle

While the masses grapple with creating coherent 5-letter words, a distinctive game waits in the…

2 years ago

IPTV Goldmine: 7000+ Channels via Github Playlists & Top Apps

Welcome to the world of unlimited streaming with access to more than 7000 international IPTV…

2 years ago