How the more_eggs Malware Targets LinkedIn Users With Fake Job Offers

by CISOCONNECT Bureau

Hackers are targeting unemployed people by sending them job offers via social media sites like LinkedIn. Read on to know more about it…

LinkedIn is one of the most popular professional networking platforms, with millions of people searching for new job opportunities almost every day. Hackers are now hiding malware in fake LinkedIn job offers in order to trick people into installing the backdoor trojan and infecting their systems.

Enterprises and individuals should be aware of a recent spear-phishing attack that uses bogus work opportunities to infect them with a sophisticated backdoor Trojan, according to eSentire. Hackers are now using backdoor trojans to gain remote control of a victim’s device, allowing them to send, receive, launch, and delete data.

Working Mechanism
The threat actors are spearphishing victims with a malicious zip file named after the job role listed on the target’s LinkedIn profile, according to eSentire’s Threat Response Unit (TRU). For instance, if a LinkedIn member’s job title is Senior Account Executive, International Freight, then the malicious zip file will be named Senior Account Executive – International Freight position; note the “position” added at the end.
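The naming pattern described above can be checked for directly. The following is an added example, not code from eSentire or from the original article: it flags a zip file whose name is the recipient's own job title followed by "position", ignoring punctuation differences such as the comma in the profile title versus the dash in the file name. The event rows, the title directory and the addresses are constructed sample data, and the function names are hypothetical.

```python
import re
import unicodedata

LURE_SUFFIX = "position"   # trailing word reported in the article
ARCHIVE_EXT = ".zip"       # the article describes a zip file

def normalize(text):
    """Lower-case and split into alphanumeric tokens so commas, hyphens,
    en dashes and underscores all compare equal."""
    text = unicodedata.normalize("NFKC", text).lower()
    return re.findall(r"[a-z0-9]+", text)

def is_job_title_lure(filename, job_title):
    """True when an archive is named '<recipient's job title> position'."""
    name = filename.strip()
    if not name.lower().endswith(ARCHIVE_EXT):
        return False
    stem = normalize(name[: -len(ARCHIVE_EXT)])
    title = normalize(job_title)
    # Require the full title plus exactly one extra token, the lure suffix.
    if not title or len(stem) != len(title) + 1:
        return False
    return stem[:-1] == title and stem[-1] == LURE_SUFFIX

def flag_events(events, directory):
    """Return (user, filename) pairs matching the lure pattern.
    `events` (file-received telemetry) and `directory` (user -> job title)
    are assumed inputs, not a real product's schema."""
    hits = []
    for user, filename in events:
        title = directory.get(user)
        if title and is_job_title_lure(filename, title):
            hits.append((user, filename))
    return hits

# Constructed sample data.
DIRECTORY = {
    "a.smith@example.com": "Senior Account Executive, International Freight",
    "b.jones@example.com": "Payroll Analyst",
}
EVENTS = [
    ("a.smith@example.com", "Senior Account Executive – International Freight position.zip"),
    ("b.jones@example.com", "payroll_analyst_position.ZIP"),
    ("b.jones@example.com", "Q3 report.zip"),
    ("a.smith@example.com", "Payroll Analyst position.zip"),  # not this user's title
]

if __name__ == "__main__":
    for user, filename in flag_events(EVENTS, DIRECTORY):
        print(f"ALERT {user}: {filename}")
```

Matching against the recipient's own title rather than any title keeps the rule narrow: a file named for someone else's role is not flagged.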

The victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs, upon opening the fake job offer in LinkedIn. The sophisticated backdoor, once loaded, can download additional malicious plugins and give the attacker direct access to the victim’s device.

Golden Chickens, the threat group behind more_eggs, sells the backdoor to other cybercriminals on a Malware-as-a-Service (MaaS) basis.

Once the more_eggs backdoor trojan is installed on the victim’s computer system, Golden Chickens’ shady customers can use the backdoor to infect the system with any form of malware, such as ransomware, password stealers, or banking malware, or simply use the backdoor to exfiltrate data.

More_Eggs Backdoor Threats
Commenting on the threats, Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, said there are three elements “which make it a formidable threat to businesses and business professionals”:

• Because it runs as standard Windows processes, anti-virus and other automated security solutions are unlikely to detect it, making it very stealthy.

• The threat actors’ strategy of including the victim’s LinkedIn job position in the weaponized job offer raises the likelihood that the malware will be detonated by the receiver.

• Unemployment rates have risen sharply since the COVID pandemic. It’s the ideal time for the threat actors to take advantage of job seekers who are in desperate need of work. In these trying times, a personalised career lure is even more appealing for the unsuspecting victims.

Safety Tips
One thing to remember is that no one will directly message you from LinkedIn and give you a job. Above everything, every employer would hire you. If you see any job openings on LinkedIn, go there and apply or send an email directly to the company.

To avoid being duped by malicious actors, pay attention to the messages that are sent to you. If a message matches your profile and comes with a ZIP file, and you’re not sure about it, don’t click on it.

Concluding Observation
The TRU team has yet to find forensic evidence that reveals the identity of the hacking group attempting to spearphish LinkedIn members. Even so, three well-known threat groups have used this malware-as-a-service: FIN6, Cobalt Party, and Evilnum.
