LinkedIn is one of the most popular networks for working professionals, with thousands of people looking for new jobs on it almost every day. It has now been established that hackers are hiding malware in fake LinkedIn job offers to trick people into downloading a backdoor Trojan and infecting their devices.
According to security company eSentire, these backdoor Trojans give hackers remote control over a victim’s computer, where they can send, receive, manage and delete the victim’s files and personal data. eSentire’s Threat Response Unit (TRU) research team discovered this phishing attack, in which hackers target victims with a malicious zip file named after details listed in the target’s LinkedIn profile.
For example, if a LinkedIn member’s job is listed as Senior Account Executive – International Shipping, the malicious zip file would be named Senior Account Executive – International Freight position (note the “position” added at the end). Once the file is opened, the victim unintentionally starts the installation of a fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can load malicious plugins and provide hands-on access to the victim’s computer, explains the eSentire report.
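A defender can turn the naming pattern described above into a triage heuristic for download or mail-gateway logs. The Python sketch below is an added example, not code from eSentire or from this article; the directory mapping, the event tuples, the user names and the 0.7 threshold are assumptions chosen for illustration.

```python
import re
from pathlib import PurePosixPath

# Archive types treated as lure containers; the article only mentions zip files.
ARCHIVE_EXTS = {".zip"}

def tokens(text):
    """Lowercase word tokens, so dash variants, case and spacing do not matter."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def title_match(filename, job_title, threshold=0.7):
    """Return (score, extra_words) if the archive name mirrors the job title, else None."""
    path = PurePosixPath(filename.replace("\\", "/"))
    if path.suffix.lower() not in ARCHIVE_EXTS:
        return None
    name, title = tokens(path.stem), tokens(job_title)
    if not title:
        return None
    score = len(name & title) / len(title)  # share of title words reused in the name
    if score < threshold:
        return None
    return round(score, 2), sorted(name - title)

def flag_downloads(events, directory):
    """events: (user, filename) pairs; directory: user -> job title. Yields alerts."""
    for user, filename in events:
        hit = title_match(filename, directory.get(user, ""))
        if hit:
            yield {"user": user, "file": filename, "score": hit[0], "extra": hit[1]}

# Constructed sample data, reusing the job title from the article's example.
DIRECTORY = {
    "avery": "Senior Account Executive – International Shipping",
    "blake": "Payroll Analyst",
}
EVENTS = [
    ("avery", "Senior Account Executive - International Freight position.zip"),
    ("avery", "Q3 shipping rates.zip"),
    ("blake", "payroll analyst position.ZIP"),
    ("blake", "Payroll Analyst handbook.pdf"),
]

if __name__ == "__main__":
    for alert in flag_downloads(EVENTS, DIRECTORY):
        print(alert)
```

Matching on token overlap rather than exact equality catches the article's own example, where the file name swaps one word of the title and appends another. Very short job titles will produce false positives, so treat a hit as a prompt for review rather than a verdict.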
The hackers behind more_eggs, Golden Chickens, are selling these backdoors under a Malware-as-a-Service (MaaS) agreement to other cybercriminals. What’s really scary is that once more_eggs is on the victim’s computer system, Golden Chickens’ customers can infiltrate the system and infect it with any type of malware – ransomware, credential stealers, banking malware, etc.
Moreover, because more_eggs uses regular Windows processes to start, it is not picked up by antivirus and automated security solutions. With the unemployment rate having skyrocketed amid the coronavirus pandemic, this scam could affect large numbers of people, who are now more likely to download the malware onto their computers.