Hackers abuse LinkedIn DMs to plant malware
Fake job offers fool unsuspecting users into installing More_eggs back door
Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware.
Researchers at Proofpoint found that the malware campaigns primarily targeted US companies in various industries including retail, entertainment, pharmacy, and others that commonly employ online payments, such as online shopping portals.
In a blog post, the firm said hackers establish a relationship with potential victims by abusing LinkedIn's direct messaging service.
In follow-up emails, the actor pretends to be from a staffing company with an offer of employment. In many cases, the actor supports campaigns with fake websites that impersonate legitimate staffing companies. "These websites, however, host the malicious payloads. In other cases, the actor uses a range of malicious attachments to distribute More_eggs," the company said.
After a week, hackers then send a direct email to the target's work address reminding the recipient about the prior attempt to communicate on LinkedIn.
"It uses the target's professional title, as it appears on LinkedIn, as the subject, and often suggests the recipient click on a link to see the noted job description. In other cases, this actor used an attached PDF with embedded URLs or other malicious attachments," Proofpoint added.
The URLs link to a landing page that spoofs a real talent and staffing management company, using stolen branding to enhance the legitimacy of the campaigns. This page kicks off the download of a malicious Word document, which attempts to download and execute the "More_eggs" payload if the recipient has enabled macros.
"These campaigns demonstrated considerable variability, with the actor frequently changing delivery methods and more," the researchers added.
They said that hackers are turning away from very large-scale "spray and pray" campaigns to focus more on persistent infections with downloaders, RATs, bankers, and other malware.
The researchers warned: "We can expect more threat actors to adopt approaches that improve the effectiveness of their lures and increase the likelihood of high-quality infections."