LinkedIn job offers can actually be linked to malware


With unemployment at formidable levels and the economy doing strange, COVID-related reversals, I think we can all agree that the job hunt is currently a pretty hard slog. In the midst of it all, do you know what workers really do not need? A LinkedIn inbox full of malware. Yes, they do not need it at all.

Nevertheless, this is apparently what some are getting, thanks to one group of cybercriminals.

The security firm eSentire recently published a report outlining how hackers linked to a group called ‘Golden Chickens’ (I’m not sure who came up with that one) have run a malicious campaign that preys on job seekers’ desire to find the perfect position.

The campaign involves unsuspecting business professionals clicking on job offers that are titled the same as their current position. A message slipped into a victim’s DMs entices them with an ‘offer’ that is really packed with a malicious .zip file. Inside the .zip is a fileless malware called ‘more_eggs’, which can help hack a targeted device. Researchers break down how the attack works:

… if the LinkedIn member’s job is Senior Account Manager – International Freight, the malicious zip file would be titled Senior Account Manager – International Freight position (note the “position” added at the end). On opening the fake job offer, the victim unknowingly begins the cunning installation of the fileless backdoor, more_eggs.
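The naming pattern the researchers describe (the recipient's own job title with "position" appended) can be checked on the defensive side. The sketch below is an added example, not code from eSentire or from the original article; the function names, the directory mapping of user to job title, and the sample events are all constructed assumptions.

```python
import re
import unicodedata

def normalize(text):
    """Lower-case, turn dash variants and underscores into spaces, drop other punctuation."""
    text = unicodedata.normalize("NFKC", text).lower()
    text = re.sub(r"[\u2010-\u2015_-]+", " ", text)  # hyphen, en/em dash, underscore
    text = re.sub(r"[^a-z0-9 ]+", " ", text)         # ASCII titles only in this sketch
    return " ".join(text.split())

def is_title_lure(filename, job_title):
    """True if a .zip is named after the given job title plus 'position'."""
    stem, dot, ext = filename.rpartition(".")
    if not dot or ext.lower() != "zip":
        return False
    title = normalize(job_title)
    return bool(title) and normalize(stem) == title + " position"

def flag_events(events, directory):
    """Return (user, filename) pairs whose archive name matches that user's own title."""
    hits = []
    for user, filename in events:
        title = directory.get(user)
        if title and is_title_lure(filename, title):
            hits.append((user, filename))
    return hits

# Constructed sample data: a hypothetical HR directory and download/attachment events.
DIRECTORY = {
    "alice": "Senior Account Manager – International Freight",
    "bob": "Payroll Analyst",
}
EVENTS = [
    ("alice", "Senior Account Manager – International Freight position.zip"),
    ("alice", "Senior_Account_Manager-International_Freight_Position.ZIP"),
    ("alice", "Q3 freight rates.zip"),
    ("bob", "Senior Account Manager – International Freight position.zip"),
    ("bob", "Payroll Analyst position.pdf"),
]

if __name__ == "__main__":
    for user, filename in flag_events(EVENTS, DIRECTORY):
        print(f"ALERT {user}: {filename}")
```

The match is deliberately tied to the recipient's own title, since that personalization is what the report highlights; a hit is a triage signal, not proof of compromise.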

Whoever they are, the “Chickens” probably are not carrying out these attacks themselves. Instead, they are peddling what would be classified as Malware-as-a-Service (MaaS), which means other cybercriminals are buying the malware from them to run their own hacking campaigns. The report notes that it is unclear who exactly is behind the recent campaign.

A backdoor trojan like ‘more_eggs’ is basically a program that allows other, more destructive types of malware to be loaded onto a device or computer. Once a criminal has used the trojan to gain access to a victim’s system, they can deploy other things such as ransomware, banking fraud or credential theft to further harm their victim.

Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, called the activity “particularly worrying” given how the compromise efforts could pose a “huge threat to businesses and business staff.”

“Since the COVID pandemic, the unemployment rate has risen dramatically. This is the perfect time to take advantage of job seekers who are desperate to find work. A personal lure is therefore even more enticing during these difficult times,” McLeod said.

We reached out to LinkedIn to see what they make of this situation, and will update this story when they respond. When you consider that employers usually do not just offer you a job, you would think that this campaign would not be too difficult to avoid. Yet people are constantly clicking on random things on the internet, usually out of curiosity, if nothing else. Suffice it to say: if you get a job offer that seems too good to be true, it’s probably best to steer clear.

UPDATE, 21:12: A LinkedIn spokesperson emailed the following statement:

“Millions of people use LinkedIn to look for and apply for jobs every day – and when you look for work, security means knowing that the recruiter you are talking to is who they say they are, that the job you are excited about is genuine, and how to detect fraud. We do not allow fraudulent activities anywhere on LinkedIn. We use automated and manual defenses to detect and address fraudulent bills or fraudulent payments. Any accounts or mailings that violate our policies will be blocked from the site.”
