LinkedIn job offers may actually be associated with malware


Photo: Carl Court (Getty Images)

With unemployment at formidable levels and the economy going through weird, covid-related swings, I think we can all agree that job hunting is a pretty tough slog right now. Amid all of this, do you know what workers really don’t need? A LinkedIn inbox full of malware. Yes, they don’t need that at all.

However, it seems that this is what some are receiving, thanks to a group of cyber idiots.

Security company eSentire recently published a report detailing how hackers connected to a group called “Golden Chicks” (I’m not sure who came up with that) carried out a malicious campaign that takes advantage of job seekers’ desire for the perfect position.

These campaigns involve deceiving unsuspecting professionals into clicking on job offers that have the same title as their current position. A message, slipped into a victim’s DMs, lures them with an “offer” that is actually rigged with a spring-loaded .zip file. Inside that .zip is fileless malware called “more_eggs” that can help hijack a targeted device. Researchers describe how the attack works:

… If the LinkedIn member’s post is listed as Senior Account Executive – International Freight, the malicious zip file would be titled Senior Account Executive – International Freight Position (note the “position” added at the end). When opening the fake job offer, the victim inadvertently initiates the stealthy installation of the fileless backdoor, more_eggs.
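A defender-side check for the naming pattern the researchers describe, as an added example that is not from the article or from eSentire's report: it flags a .zip whose name is the recipient's own job title, optionally followed by "position". The addresses, the title directory and the filenames are constructed, and the source of the filename events (for example mail gateway or download telemetry) is an assumption.

```python
import re
import unicodedata


def normalize(text):
    """Fold case, Unicode form and punctuation so titles compare reliably."""
    text = unicodedata.normalize("NFKC", text).casefold()
    # Any run of non-word characters or underscores (spaces, hyphens,
    # en/em dashes) becomes one space.
    return re.sub(r"[\W_]+", " ", text).strip()


def matches_title_lure(filename, job_title, suffixes=("position",)):
    """True if a .zip is named after job_title, alone or plus a lure suffix.

    Matching the bare title as well as title + "position" is an assumption
    made here to cover close variants of the reported pattern.
    """
    stem, dot, ext = filename.rpartition(".")
    if not dot or ext.casefold() != "zip":
        return False
    name, title = normalize(stem), normalize(job_title)
    if not title:  # unknown recipient or empty title: nothing to compare
        return False
    return name == title or any(name == f"{title} {s}" for s in suffixes)


def flag_attachments(events, titles):
    """events: (recipient, filename) pairs; titles: recipient -> job title."""
    return [(r, f) for r, f in events if matches_title_lure(f, titles.get(r, ""))]


# Constructed sample data, not taken from any real incident.
TITLES = {
    "a.user@example.com": "Senior Account Executive – International Freight",
    "b.user@example.com": "Payroll Analyst",
}
EVENTS = [
    ("a.user@example.com", "Senior Account Executive - International Freight position.zip"),
    ("a.user@example.com", "Q3_freight_rates.zip"),
    ("b.user@example.com", "payroll_analyst_POSITION.ZIP"),
    ("b.user@example.com", "Payroll Analyst position.pdf"),
    ("c.user@example.com", "Payroll Analyst position.zip"),
]

if __name__ == "__main__":
    for recipient, filename in flag_attachments(EVENTS, TITLES):
        print(f"review: {recipient} received {filename!r}")
```

A hit is a reason to quarantine and review the file, not proof of more_eggs; the check only encodes the filename convention quoted above.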

Whoever they are, the “chicks” probably aren’t carrying out these attacks themselves. Instead, they peddle what would be classified as malware-as-a-service (MaaS), which means that other cybercriminals buy malware from them to run their own hacking campaigns. The report states that it is unclear who exactly is behind the recent campaign.

A backdoor Trojan like “more_eggs” is basically a program that allows other, more destructive types of malware to be loaded onto a device or computer. Once an attacker has used the Trojan to gain a foothold in a victim’s system, they can deploy other things such as ransomware, banking malware, or credential stealers to wreak more havoc on their victim.

Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, called the work “particularly worrying”, given how compromise attempts could pose a “formidable threat to companies and business professionals”.

“Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find a job. Thus, a personalized bait is even more attractive in these turbulent times,” said McLeod.

I contacted LinkedIn to see what they think about this situation and we will update this story if they respond. Since employers usually do not just offer you a job, you would think that this campaign would not be too difficult to avoid. However, people click on random things on the internet all the time, usually out of curiosity, if nothing else. Suffice it to say, if you get a job offer that seems too good to be true, it’s probably best to steer clear.

UPDATE, 21:12 When contacted by email, a LinkedIn spokesperson provided the following statement:

“Millions of people use LinkedIn to search and apply for jobs every day – and when you’re looking for a job, security means you know that the recruiter you’re talking to is who they say they are, that the job you love is real and authentic and how to identify fraud. We do not allow fraudulent activity anywhere on LinkedIn. We use automatic and manual defense systems to also detect the address of false accounts or fraudulent payments. Any accounts or job postings that violate our policies are blocked from the site.”
