With unemployment at formidable levels and the economy behaving strangely amid covid, I think we can all agree that job hunting is a pretty hard slog right now. In the middle of it all, do you know what workers really do not need? A LinkedIn inbox full of malware. Yes, they do not need it at all.
Still, that’s apparently what anyone can get, thanks to a group of cyber-assholes.
Security firm eSentire recently published a report which describes how hackers affiliated with a group called “Golden Chickens” (I’m not sure who came up with that one) have run a malicious campaign that exploits the job seeker’s desire for the perfect position.
These campaigns involve tricking unsuspecting business people into clicking on job offers that have the same name as their current position. A message, slipped into a victim’s DMs, baits them with an “offer” that is really rigged with a spring-loaded .zip file. Inside the .zip is a fileless malware called “more_eggs” that can help hijack a targeted device. Researchers break down how the attack works:
… If the LinkedIn member’s job is listed as Senior Account Executive – International Freight, the malicious zip file had the title Senior Account Executive – International freight position (note “position” added at the end). Upon opening the fake job offer, the victim inadvertently starts the insidious installation of the filthy backdoor, more_eggs.
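The naming pattern the researchers describe can be checked mechanically. The following is an added example, not code from eSentire's report or from LinkedIn: it flags a .zip attachment whose name is the recipient's own job title followed by "position". The function names, message fields and sample messages are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

LURE_SUFFIX = "position"  # word the report says is appended to the job title

def normalize(text):
    """Casefold and collapse punctuation, dashes and spacing to single spaces."""
    return re.sub(r"[^a-z0-9]+", " ", text.casefold()).strip()

def is_title_lure(filename, job_title):
    """True when a .zip attachment is named '<recipient job title> position'."""
    path = PurePosixPath(filename)
    if path.suffix.lower() != ".zip":
        return False
    title = normalize(job_title)
    return bool(title) and normalize(path.stem) == f"{title} {LURE_SUFFIX}"

def flag_messages(messages):
    """Return ids of messages carrying at least one title-matched zip."""
    return [m["id"] for m in messages
            if any(is_title_lure(a, m["recipient_title"]) for a in m["attachments"])]

# Constructed sample data (hypothetical message export, not real traffic).
TITLE = "Senior Account Executive – International Freight"
SAMPLE_MESSAGES = [
    # Matches the report's example, including the lowercase "freight".
    {"id": "m1", "recipient_title": TITLE,
     "attachments": ["Senior Account Executive – International freight position.zip"]},
    # Unrelated archive name: not flagged.
    {"id": "m2", "recipient_title": TITLE, "attachments": ["Q3 pipeline review.zip"]},
    # Title match but not a zip: outside the pattern described.
    {"id": "m3", "recipient_title": TITLE,
     "attachments": ["Senior Account Executive – International Freight position.pdf"]},
]

if __name__ == "__main__":
    print(flag_messages(SAMPLE_MESSAGES))
```

Normalizing both sides before comparing is what lets the check survive the case and dash differences visible in the report's own example.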
Whoever they are, the “Chickens” are probably not carrying out these attacks themselves. Instead, they peddle what would be classified as malware-as-a-service (MaaS), which means other cybercriminals buy malicious software from them to conduct their own hacking campaigns. The report notes that it is unclear who exactly is behind the latest campaign.
A backdoor trojan like “more_eggs” is basically a program that allows other, more destructive types of malware to be loaded onto a device or computer. Once a criminal has used the trojan to gain a foothold in a victim’s system, they can then deploy other things such as ransomware, banking malware or credential stealers to wreak more havoc on the victim.
Rob McLeod, Sr. director of the Threat Response Unit (TRU) for eSentire, called the activity “particularly worrying” given how compromise attempts could pose a “formidable threat to businesses and business people.”
“Since the COVID pandemic, unemployment has risen dramatically. This is a perfect time to take advantage of job seekers who are desperate to find work. Thus, an adapted job block is even more tempting in these turbulent times,” said McLeod.
We reached out to LinkedIn to see what their take is on the whole situation, and will update this story if they respond. Considering that employers usually do not just offer you a job, you would think that this campaign would not be too difficult to avoid. Yet people click on random things on the internet all the time, usually out of curiosity, if nothing else. Suffice it to say, if you get a job offer that seems too good to be true, it’s probably best to steer clear.
UPDATE, 21:12: When reached via email, a LinkedIn spokesman provided the following statement:
“Millions of people use LinkedIn to search and apply for jobs every day – and when it comes to job searching, security means knowing that the recruiter you are chatting with is who they say they are, that the job you are passionate about is real and authentic, and how to detect scams. We do not allow fake activities anywhere on LinkedIn. We use automated and manual defenses to detect and address counterfeit accounts or counterfeit payments. All accounts or job postings that violate our policies are blocked from the site.”