With unemployment at formidable levels and the economy behaving in weird, covid-related ways, I think we can all agree that the job search is a pretty tough slog right now. In the midst of all this, do you know what workers really don’t need? A LinkedIn inbox full of malware. No, they don’t need that at all.
However, this is apparently what some can get thanks to a group of cybercriminals.
The security firm eSentire recently published a report detailing how hackers connected to a group called “Golden Chickens” (I’m not sure who came up with it) have been conducting a malicious campaign that takes advantage of candidates’ desire to get a perfect position.
These campaigns involve tricking unsuspecting business professionals into clicking on job offers that carry the same title as their current position. A message, slipped into the victim’s DMs, lures them with an “offer” that is actually rigged with a spring-loaded .zip file. Inside this .zip is fileless malware called “more_eggs” that can help hijack the target’s device. The researchers break down how the attack works:
… If the LinkedIn member’s job appears as Senior Account Executive: International Burden, the malicious zip file would be titled Senior Account Executive: International Charge Position (note the “position” added at the end). By opening the fake job offer, the victim inadvertently initiates the stealthy installation of the fileless backdoor, more_eggs.
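A defender-side check for the naming pattern described above, as an added example that is not from eSentire or the original article. It flags a .zip attachment whose name is the recipient's own job title, optionally followed by "position". The function names, the bare-title match, and all sample titles and filenames are constructed assumptions.

```python
import re
import unicodedata
from pathlib import PurePosixPath

ARCHIVE_EXTS = {".zip"}            # the article only mentions .zip lures
LURE_SUFFIXES = ("position", "")   # title + "position"; bare title is an added assumption


def _tokens(text):
    """Lower-case, strip accents and punctuation, return the word tokens."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c))
    return re.findall(r"[a-z0-9]+", text.lower())


def looks_like_title_lure(job_title, attachment_name):
    """True if the archive name mirrors the recipient's job title."""
    name = PurePosixPath(attachment_name.replace("\\", "/")).name
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext.lower() not in ARCHIVE_EXTS:
        return False
    title = _tokens(job_title)
    if len(title) < 2:             # one-word titles would match far too much
        return False
    stem_tokens = _tokens(stem)
    return any(stem_tokens == title + ([s] if s else []) for s in LURE_SUFFIXES)


def flag_messages(messages):
    """Return ids of messages whose attachment matches the recipient's title."""
    return [m["id"] for m in messages
            if looks_like_title_lure(m["recipient_title"], m["attachment"])]


# Constructed sample data: not real messages, titles or indicators.
SAMPLES = [
    {"id": 1, "recipient_title": "Regional Sales Manager - Northern Europe",
     "attachment": "Regional Sales Manager Northern Europe position.zip"},
    {"id": 2, "recipient_title": "Regional Sales Manager - Northern Europe",
     "attachment": "Q3 forecast.zip"},
    {"id": 3, "recipient_title": "Payroll Analyst",
     "attachment": "payroll_analyst_POSITION.ZIP"},
    {"id": 4, "recipient_title": "Payroll Analyst",
     "attachment": "Payroll Analyst position.pdf"},
]

if __name__ == "__main__":
    print(flag_messages(SAMPLES))
```

Punctuation such as ":" or a dash cannot survive in most file names, which is why the comparison is done on normalized word tokens rather than on the raw strings.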
Whatever the case, the “Chickens” are probably not carrying out these attacks themselves. Instead, they are peddling what would be classified as malware-as-a-service (MaaS), which means that other cybercriminals buy the malware from them to carry out their own hacking campaigns. The report states that it is not known who exactly is behind the recent campaign.
A backdoor Trojan like “more_eggs” is basically a program that allows an attacker to load other, more destructive types of malware onto a device or computer. Once a criminal has used the Trojan to get into the victim’s system, they can deploy other things like ransomware, banking malware, or credential stealers to wreak more havoc on the victim.
Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, described the activity as “particularly worrying”, as attempts at compromise could pose a “formidable threat to companies and business professionals”.
“Since the COVID pandemic, unemployment rates have risen sharply. It’s a perfect time to take advantage of job seekers who are desperate to find work. Therefore, a personalized attraction for the job is even more attractive during these difficult times,” said McLeod.
We contacted LinkedIn to see what their take is on this whole situation and we will update this story if they respond. Given that employers don’t usually just offer you a job unprompted, you would think that this campaign would not be too difficult to avoid. Still, people click random things on the Internet all the time, usually out of curiosity, if nothing else. Suffice it to say that if you get a job offer that seems too good to be true, it’s probably best to avoid it.
UPDATE, 9:12 p.m. When reached by email, a LinkedIn spokesperson provided the following statement:
“Millions of people use LinkedIn to look for and apply for work every day; and when looking for work, security means knowing that the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and “We do not allow fraudulent activities on any LinkedIn site. We use manual and automated defenses to detect and address fraudulent accounts or fraudulent payments. All accounts or work posts that violate our policies are blocked on the site.”