With unemployment at formidable levels and the economy suffering bad COVID-related reversals, I think we can all agree that job hunting is quite a difficult task at the moment. In the midst of all that, do you know what workers really don’t need? A LinkedIn inbox full of malware. Yes, they don’t need that at all.
However, that’s apparently what some may be getting, thanks to a bunch of cyber-jerks.
Security company eSentire recently published a report detailing how hackers connected to a group dubbed “Golden Chickens” (not sure who came up with that one) have been running a malicious campaign that preys on job seekers’ desire for the perfect position.
The campaigns involve tricking unsuspecting business professionals into clicking on job offers that have the same title as their current position. A message, slipping into the victim’s direct messages, lures them in with an “offer” that is actually rigged with a malicious .zip file. Inside that .zip is fileless malware called “more_eggs” that can help hijack a specific device. The researchers explain how the attack works:
… If the LinkedIn member’s job appears as Senior Account Executive – International Freight the malicious zip file would be titled Senior Account Executive – International Freight Position (note “position” added at the end). By opening the bogus job offer, the victim unknowingly initiates the stealth installation of the fileless backdoor, more_eggs.
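The naming pattern the report describes (the recipient's own job title with "position" appended) is something a defender can check for on inbound attachments. The sketch below is an added example, not code from eSentire or LinkedIn; the function names, the message and title records, and the sample data are all assumptions constructed for illustration.

```python
import os
import re
import unicodedata

ARCHIVE_EXTS = {".zip"}   # the report describes a .zip lure
LURE_SUFFIX = "position"  # word the report says is appended to the job title


def normalize(text):
    """Case-fold and reduce to space-separated alphanumeric tokens, so dash
    variants, underscores and spacing differences do not defeat the match."""
    text = unicodedata.normalize("NFKC", text).casefold()
    return " ".join(re.findall(r"[^\W_]+", text))


def is_title_lure(attachment_name, job_title):
    """True if the archive is named '<recipient's job title> position'."""
    stem, ext = os.path.splitext(attachment_name)
    title = normalize(job_title)
    if ext.casefold() not in ARCHIVE_EXTS or not title:
        return False
    return normalize(stem) == f"{title} {LURE_SUFFIX}"


def flag_messages(messages, titles):
    """Return ids of messages whose attachment matches the recipient's title."""
    return [m["id"] for m in messages
            if is_title_lure(m["attachment"], titles.get(m["to"], ""))]


# Constructed sample data (hypothetical users and messages).
TITLES = {"alice": "Senior Account Executive – International Freight"}
MESSAGES = [
    {"id": 1, "to": "alice",
     "attachment": "Senior Account Executive – International Freight Position.zip"},
    {"id": 2, "to": "alice",
     "attachment": "senior_account_executive-international_freight_position.ZIP"},
    {"id": 3, "to": "alice", "attachment": "Q3 freight rates.zip"},
    {"id": 4, "to": "bob", "attachment": "position.zip"},  # no known title
]

if __name__ == "__main__":
    print(flag_messages(MESSAGES, TITLES))
```

A match is a signal for review rather than proof of compromise, since a genuine recruiter could name a file the same way.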
Whoever they are, the “chickens” are probably not carrying out these attacks on their own. Instead, they are peddling what would be classified as malware-as-a-service (MaaS), which means that other cybercriminals buy the malware from them to carry out their own hacking campaigns. The report states that it is not clear who exactly is behind the recent campaign.
A backdoor Trojan like “more_eggs” is basically a program that allows other, more destructive types of malware to be loaded onto the system of a device or computer. Once a criminal has used the Trojan to enter the victim’s system, they can deploy other things, such as ransomware, banking malware, or credential stealers, to wreak more havoc on the victim.
Rob McLeod, Senior Director of eSentire’s Threat Response Unit (TRU), called the activity “particularly concerning” given that compromise attempts could pose a “formidable threat to companies and business professionals.”
“Since the COVID pandemic, unemployment rates have increased dramatically. It is a perfect time to take advantage of job seekers who are desperate to find a job. So a custom work lure is even more attractive during these tough times,” McLeod said.
We reached out to LinkedIn to see what their thoughts are on this whole situation and will update this story if they respond. Considering that employers do not usually just offer you a job, I would think this campaign wouldn’t be too hard to avoid. However, people click on random things on the Internet all the time, usually out of curiosity, if nothing else. Suffice it to say, if you get a job offer that seems too good to be true, it’s probably best to steer clear.
UPDATE, 9:12 pm: When contacted by email, a LinkedIn spokesperson provided the following statement:
“Millions of people use LinkedIn to search and apply for jobs every day, and when job hunting, safety means knowing that the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and how to detect fraud. We do not allow fraudulent activity anywhere on LinkedIn. We use automatic and manual defenses to detect and address fake accounts or fraudulent payments. All accounts or jobs that violate our policies are blocked on the site.”