Jobs on LinkedIn can, in fact, be riddled with malware


Photo: Carl Court (Getty Images)

With unemployment at formidable levels and the economy doing weird, COVID-related reversals, I think we can all agree that job hunting is pretty tough right now. In the midst of all that, do you know what employees really don’t need? A LinkedIn inbox full of malware. Yes, they don’t need that at all.

Nevertheless, that’s apparently what some are getting, thanks to a group of cyber bastards.

Security company eSentire recently published a report that describes how hackers associated with a group called “Golden Chickens” (I’m not sure who came up with that) are running a malicious campaign that preys on job seekers’ desire for the perfect position.

The campaign involves tricking unsuspecting business professionals into clicking on job offers that carry the same title as their current position. A message slid into a victim’s DMs lures them with an “offer” that is really rigged with a spring-loaded .zip file. Inside that .zip is a fileless malware called “more_eggs” that can help hijack a targeted device. Researchers explain how the attack works:

… if the LinkedIn member’s job title is listed as Senior Account Executive – International Freight, the malicious zip file would have the title Senior Account Executive – International Freight position (note the ‘position’ added at the end). Upon opening the fake job offer, the victim unwittingly starts the stealth installation of the fileless backdoor, more_eggs.

Whoever they are, the “chickens” probably don’t perform these attacks themselves. Instead, they run what would be classified as Malware-as-a-Service (MaaS), which means that other cyber criminals buy the malware from them to run their own hacking campaigns. The report notes that it’s unclear who exactly is behind the recent campaign.

A backdoor trojan such as “more_eggs” is essentially a program that can load other, more destructive types of malware onto a device or computer. Once a criminal uses the trojan to access a victim’s system, they can deploy other things, such as ransomware, banking malware, or credential stealers, to do more damage to their victim.

Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, called the activity “of particular concern” given that the compromise efforts could pose a “formidable threat to companies and business professionals.”

“Since the COVID pandemic, unemployment rates have risen dramatically. It’s a perfect time to take advantage of job seekers who are desperate for work. Thus, a tailor-made job lure in these difficult times is even more attractive,” said McLeod.

We’ve reached out to LinkedIn for their thoughts on this whole situation and will update this story if they respond. Considering that employers usually don’t just offer you a job, you would think this campaign would not be that hard to avoid. Still, people click random things on the Internet all the time, usually out of curiosity, if nothing else. Suffice it to say, if you get a job offer that seems too good to be true, it probably is.

UPDATE, 9:12 PM: When a LinkedIn spokesperson was reached by email, he released the following statement:

“Millions of people use LinkedIn to search and apply for jobs every day – and when looking for a job, security means knowing the recruiter you’re chatting with is who they say they are, that the job you’re passionate about is real and authentic, and how to detect fraud. We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual protection to detect and address fake accounts or fraudulent payments. Any accounts or job openings that violate our policies will be blocked from the site.”
