
Hackers abuse LinkedIn DMs to plant malware

Fake job offers fool unsuspecting users into installing More_eggs backdoor


Hackers are impersonating recruitment agencies on LinkedIn in a bid to target companies with backdoor malware.

Researchers at Proofpoint found that the malware campaigns primarily targeted US companies in various industries including retail, entertainment, pharmacy, and others that commonly employ online payments, such as online shopping portals.

In a blog post, the firm said hackers establish a relationship with potential victims by abusing LinkedIn's direct messaging service.

In follow-up emails, the actor pretends to be from a staffing company with an offer of employment. In many cases, the actor supports campaigns with fake websites that impersonate legitimate staffing companies. "These websites, however, host the malicious payloads. In other cases, the actor uses a range of malicious attachments to distribute More_eggs," the company said.

After a week, hackers then send a direct email to the target's work address reminding the recipient about the prior attempt to communicate on LinkedIn.

"It uses the target's professional title, as it appears on LinkedIn, as the subject, and often suggests the recipient click on a link to see the noted job description. In other cases, this actor used an attached PDF with embedded URLs or other malicious attachments," Proofpoint added. 

The URLs link to a landing page that spoofs a real talent and staffing management company, using stolen branding to enhance the legitimacy of the campaigns. This page kicks off the download of a malicious Word document, which attempts to download and execute the "More_eggs" payload if the recipient has enabled macros.

"These campaigns demonstrated considerable variability, with the actor frequently changing delivery methods and more," the researchers added. 

They said that hackers are turning away from very large-scale "spray and pray" campaigns to focus more on persistent infections with downloaders, RATs, bankers, and other malware.

The researchers warned: "We can expect more threat actors to adopt approaches that improve the effectiveness of their lures and increase the likelihood of high-quality infections."
