Home / Technology / LinkedIn job offers may be exposed to malware.

LinkedIn job offers may be exposed to malware.

Illustration for an article titled New Phishing Campaign Submit a Malware Job Offer Via LinkedIn.

Photograph: A. Carl Court (Getty Images)

With unemployment On a formidable level And the economy is strange A reversal involving COVID I think we can all agree that job hunting is difficult right now. In the midst of that, do you know what workers really don’t need? LinkedIn inbox full of malware Yes, they don’t want that at all.

However, that is clearly something that someone might have gained from a group of cyber-assassins.

Security company eSentire recently Publish report Details of how hackers connect to a group called “Golden Chickens” (I’m not sure who came up with it) is waging a dangerous campaign that lures job seekers to the perfect position.

These The campaign involves convincing unsuspecting businessmen to click on a job offer of the same title as their current position. The message slides into the victim’s DM, enticing them with a “Offer” accompanying the file. zip files within .zip are malware without a file named “more_eggs” that can help hijack a target device. The researchers explain how the attacks work:

… if a LinkedIn member’s job is listed Senior Account Executive – International Freight The malicious zip file will be named Senior Account Executive – International Shipping Positions (note the appended “position”)When a fake job offer is opened, the victim will inadvertently initiate a stealth installation of more_eggs.

No matter who they are, the “chicken” may not be attacking by themselves. But they’re kicking things to classify. Malware as a Service (MaaS)This means that other cybercriminals buy malware from them to run their own hacking campaigns. Report recorded as It’s not clear who exactly. Is Latest behind the scenes Campaign

Secret trojans such as “more_eggs” are basically programs that allow more destructive types of malware to be loaded onto the system of a device or computer. Once criminals use trojans to enter their victims’ systems, they can deploy other things like ransomware, bank malware, or credential thieves to wreak more havoc on their victims.

ESentire Senior Director of Threat Response Unit (TRU) Rob McLeod calls the event “Extremely worrisome”, as a compromise effort could entail “Terrifying threat to businesses and business professionals”?

“Since the COVID outbreak, the unemployment rate has risen dramatically. It’s the perfect time to take advantage of desperate job seekers to find work. Hence, custom job temptations become more attractive in these critical times, ”says McLeod.

We reached out to LinkedIn to see how they handled all of these situations and will update this story if they respond. Consider that employers often not only offer You’re a job, you probably think this campaign isn’t too hard to avoid. But people are constantly clicking random things on the Internet, often out of curiosity, if nothing else. Suffice it to say, if you get a job offer that looks too good to be true, it might be best to steer clear.

Update 9:12 p.m. When contacted by email, a LinkedIn spokesperson provided the following message:: A.

“Millions of people use LinkedIn to find and apply for jobs every day, and when looking for jobs, safety means knowing that the recruiter you’re chatting with is who they say the job you’re excited about is real and genuine. And how to detect fraud We don’t allow fraudulent activity anywhere on LinkedIn.We use automatic and manual protection to detect and deal with fraudulent accounts or fraudulent payments. Any account or job posting that violates our policies will be blocked from the site. “

Source link