Jump to content

Hackers Turn to Microsoft’s LinkedIn to Infect Users’ Devices


The AchieVer

Recommended Posts

Hackers Turn to Microsoft’s LinkedIn to Infect Users’ Devices 

Cybercriminals have turned to Microsoft’s LinkedIn business social network to look for potential targets, spamming them with fake job offers in an attempt to drop malicious payloads on their devices.

Cybercriminals have turned to Microsoft’s LinkedIn business social network to look for potential targets, spamming them with fake job offers in an attempt to drop malicious payloads on their devices.

Security company Proofpoint explains that in most of the cases, the purpose is to deliver the More_eggs backdoor, which plays the role of a downloader to allow an attacker to deploy additional malware on the compromised host.

In an analysis, the firm says the malicious actors typically create LinkedIn profiles that try to reach out to their targets with a short message highlighting a job opportunity.

A few days later, hackers return with direct emails to the work address used on LinkedIn in order to direct targets to websites they claim to host more information on the said job ad.

“The URLs link to a landing page that spoofs a real talent and staffing management company, using stolen branding to enhance the legitimacy of the campaigns,” Proofpoint researchers note.Malicious downloadsOnce loaded, the website begins the download of a malicious Microsoft Word document that includes macros specifically crafted to download the More_eggs backdoor. The aforementioned URLs sometime include PDFs with fake job details, also pointing to malicious URLs.

Depending on the attack, the campaign can get more complex and use URL shorteners, other attachments, password-protected Microsoft Word documents, and even “completely benign emails without a malicious attachment or URL attempting to further establish rapport.”

“This actor provides compelling examples of these new approaches, using LinkedIn scraping, multi-vector and multistep contacts with recipients, personalized lures, and varied attack techniques to distribute the More_eggs downloader, which in turn can distribute the malware of their choice based on system profiles transmitted to the threat actor,” Proofpoint explains.

There’s no magic trick to stay protected here: just ignore messages that point you to websites looking suspicious or including attachments that could pose a risk of infection and always, but always, keep your security tools up-to-date.
 
 
 
Link to comment
Share on other sites


  • Replies 0
  • Views 346
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...