LinkedIn Jobs May Actually Be Linked To Malware

With unemployment at great levels and the economy looks weird, covid inversions, I think we can all agree that job hunting is a pretty tough job right now. Amidst all of this, do you know what workers don’t really need? A LinkedIn inbox full of malware. Yeah, they don’t need it at all.

Still, apparently that’s what some might get, thanks to a bunch of cyber morons.

The security company eSentire recently published a report detailing how hackers connected to a group dubbed “Golden Chickens” (I don’t know who invented this one) carried out a malicious campaign that attacks job seekers’ desire for the perfect job.

These The campaigns are all about getting unsuspecting professionals to click on job postings that have the same title as their current position. A message, slipped into a victim’s DMs, brings them up with an “offer” which is really rigged with a spring loaded .zip file. Inside this .zip file is fileless malware called “more_eggs” which can help hijack a targeted device. The researchers explain how the attack works:

… If the LinkedIn member’s job is listed as Senior Account Manager – International Freight the malicious zip file would be titled Senior Account Executive – International Freight Position (note the “position” added at the end). Upon opening the bogus job posting, the victim unintentionally initiates the stealth installation of the fileless backdoor, more_eggs.

Whoever they are, the “chickens” are unlikely to lead these attacks themselves. Instead, they pedal on what would be classified Malware as a Service (MaaS)—This means that other cybercriminals buy the malware from them in order to carry out their own hacking campaigns. The report notes that it is don’t know who exactly is behind the recent campaign.

A backdoor Trojan like “more_eggs” is basically a program that allows other more destructive types of malware to be loaded into the system of a device or computer. Once a criminal has used the Trojan to gain a foothold in a victim’s system, they can then deploy other things like ransomware, banking malware, or credential thieves. to wreak greater havoc on their victim.

Rob McLeod, senior director of the Threat Response Unit (TRU) for eSentire, called the activity “particularly worrying” given that attempted compromises could pose a “formidable threat to businesses and professionals.”

“Since the COVID pandemic, unemployment rates have increased dramatically. Now is the perfect time to take advantage of job seekers who are desperate for employment. So a custom work lure is even more appealing in these troubled times, ”said McLeod.

We’ve reached out to LinkedIn to get their take on this whole situation and we’ll update this story if they respond. Whereas employers are generally not satisfied with offer you a job, you would think this campaign wouldn’t be too difficult to avoid. Yet people click random items on the internet all the time, usually out of curiosity, if nothing else. Suffice it to say, if you get a job offer that sounds too good to be true, it’s probably best to avoid.

UPDATE, 9:12 p.m. When contacted by email, a spokesperson for LinkedIn provided the following statement:

“Millions of people use LinkedIn to search and apply for a job every day – and when searching for a job, security means knowing the recruiter you’re chatting with is who they say they are, that the job you are passionate about is. real and genuine, and how to spot fraud. We do not allow fraudulent activity on LinkedIn. We use automated and manual defenses to detect and process fake accounts or fraudulent payments. All accounts or job offers that do not follow our rules are blocked on the site. “