LinkedIn security problems may come not from the website itself but from people trying to abuse it. Digital attackers launched a spear-phishing campaign on LinkedIn in April that used fake job offers to spread malware. The attackers attempted to trick professionals into opening a .ZIP file that used the same job position as the one listed on their LinkedIn profiles. That .ZIP file could then download more_eggs, a backdoor. It’s capable of running numerous malicious plugins, as well as enabling remote access to a victim’s computer.

Read on to learn how attackers are using threats like more_eggs malware to go after people on LinkedIn.

More_eggs, More Problems

Researchers at eSentire disrupted the LinkedIn security spear-phishing incident. In this case, the attackers had targeted someone in the health care sector.

Upon opening the .ZIP file referenced above, the campaign ran VenomLNK as an initial stage of the more_eggs backdoor. This resource misused Windows Management Instrumentation in a fileless attack chain. From there, TerraLoader, the backdoor’s plugin loader, could hijack legitimate Windows processes and present the victim with a fake Word document. The file masqueraded as a legitimate job application in an attempt to distract the victim from more_eggs working in the…
LinkedIn Security Warning: Malware Sent via Fake Job Offers
