People hunting for jobs on LinkedIn are themselves being hunted by cybercriminals during this COVID-19 era. A new report from cybersecurity company eSentire claims that a group of hackers calling themselves Golden Chickens is using LinkedIn to distribute a fileless backdoor known as more_eggs.
eSentire said that a particular hacking group has been targeting business professionals on LinkedIn with fake job offers to try and infect their devices with remote code execution malware.
Remote code execution malware gives hackers remote access to and control over the victim’s device, in this case a computer or laptop, and allows them to send, receive, launch and even delete files without the victim knowing.
They will send you a direct message in the form of a Zip file
To start off, hackers send a direct message (DM) to a user with a job offer. This job offer comes accompanied by a Zip file or has an attachment of some sort with the extension .zip. This .zip file is the hidden malware that helps hackers get into the user’s device.
As eSentire explained with an example, “If the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end).”
Once the unsuspecting victim opens the .zip file, he/she initiates the “stealthy installation of the fileless backdoor, more_eggs”.
Senior Director of the Threat Response Unit (TRU) for eSentire, Rob McLeod, called the activity “particularly worrisome”, especially at a time like this, when thousands of people are looking for jobs online.
How to avoid attacks like this?
For starters, don’t open the attached file if it is in ‘zip’ format. Be mindful of additions like the “position” appended to your own job title in the file name, and of spelling errors.
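The naming pattern eSentire describes (the recipient's own job title plus "position", as a .zip) can also be checked automatically at a mail or messaging gateway. The following is an added example, not code from eSentire or LinkedIn; the message fields (`id`, `recipient_title`, `attachments`) and the sample messages are constructed for illustration.

```python
import re
import unicodedata

ARCHIVE_EXTS = (".zip",)          # the report only mentions .zip attachments
SUFFIX_WORDS = ("position",)      # the word the report says is appended

def _tokens(text):
    """Lower-case, turn dashes/punctuation/underscores into spaces, split."""
    text = unicodedata.normalize("NFKC", text).lower()
    return re.sub(r"[^\w\s]|_", " ", text).split()

def is_job_title_lure(filename, job_title, suffix_words=SUFFIX_WORDS):
    """True if filename is an archive named '<job title> <suffix word>'."""
    stem, dot, ext = filename.rpartition(".")
    if not dot or "." + ext.lower() not in ARCHIVE_EXTS:
        return False
    name, title = _tokens(stem), _tokens(job_title)
    if not title or len(name) <= len(title):
        return False                  # nothing appended after the title
    head, tail = name[:len(title)], name[len(title):]
    return head == title and all(word in suffix_words for word in tail)

def flag_messages(messages):
    """Return (message id, attachment) pairs that match the lure pattern."""
    return [(m["id"], a)
            for m in messages
            for a in m["attachments"]
            if is_job_title_lure(a, m["recipient_title"])]

# Constructed sample data (hypothetical field names, not a real export format).
SAMPLE_MESSAGES = [
    {"id": "dm-1",
     "recipient_title": "Senior Account Executive—International Freight",
     "attachments": ["Senior Account Executive - International Freight position.zip"]},
    {"id": "dm-2",
     "recipient_title": "Senior Account Executive—International Freight",
     "attachments": ["Q3 freight report.zip", "offer.pdf"]},
]

if __name__ == "__main__":
    for msg_id, name in flag_messages(SAMPLE_MESSAGES):
        print(f"{msg_id}: attachment named after recipient's job title: {name}")
```

A match is a reason to quarantine and review the attachment, not proof of malware; comparing word by word keeps the check working when the sender swaps the dash style or letter case.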
Gizmodo reached out to LinkedIn regarding this, and this is what the company had to say:
“Millions of people use LinkedIn to search and apply for jobs every day — and when job searching, safety means knowing the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and how to spot fraud. We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site.”