
Hackers Exploit LinkedIn to Deliver Malware

2019-02-25 by Michelle Dvorak

Hackers Exploit LinkedIn to Deliver Malware to Job Seekers

LinkedIn Job Candidates Targeted by Malware

Those using LinkedIn for job searches should beware of a new malware attack. The initial point of contact is a LinkedIn direct message that comes in the form of a job offer similar to the recipient’s current job. Follow-up emails are frequently sent to the recipient’s work email address in hopes of infecting a work computer. The malware campaign deploys More_eggs malware and targets professionals looking for new careers.

LinkedIn is used to deliver phishing emails containing fake jobs. Patient hackers impersonating headhunters send a series of direct messages via legitimate-looking LinkedIn profiles. The emails establish trust and build up data for a spear phishing attack. The ultimate goal, however, is to deliver malware to the reader’s device.

LinkedIn is an online treasure trove of personal data. Job seekers are vulnerable because they are likely to have every relevant bit of information about themselves in clear view of the public, giving them the best chance of being found in searches. The valuable data includes public-facing contact information. Given a working email address and contact phone number, hackers can farm quite a bit more information about a candidate by connecting it with profiles from other social media sites and public records.

LinkedIn Fake job Message
Image Credit: technadu.com

The malware campaign pushes fake job offers using LinkedIn direct messages and emails. Trust is established over multiple interactions while the information needed to build a spear phishing attack is collected about the job seeker. During this phase, the hacker can glean more information about the job candidate, such as a personal email address and physical address. The hacker impersonates a representative of a staffing company and sometimes directs the job candidate to a spoofed website. In other variations, the hacker sends a direct message or email with malicious attachments. The imposter website hosts malware downloader capabilities and attempts to compromise the reader’s device.

What is More_eggs?

More_eggs is a JScript downloader and malware. It has capabilities to gather files and data from the infected machine. In this cyber security attack, More_eggs is used along with VenomKit malware and Taurus Builder.

What is a Spear Phishing Attack?

You may be familiar with the term phishing attack. Spear phishing is the same type of attack, but it is a more refined version that is generally delivered to smaller groups of victims. A phishing attack is any type of cyber attack, typically an email campaign, that is used to gather information from the recipient. Spear phishing attacks are targeted directly at a known recipient. The contact details may have come from scraping data from social media profiles, employer email addresses, or tax data. Spear phishing and phishing scams work the same way. In both cases the goal is to acquire credit card and financial information. In the case of spear phishing, more information about the recipient has already been collected before the attack begins.


How More_eggs Malware Works

More_eggs malware delivery has variations to throw off victims and security experts. Contact with the target victim begins with a direct message from a LinkedIn profile. The initial message is the standard, default LinkedIn connection request, “Hi [Name], please add me to your professional network” or another short message. A follow-up email may be sent a few days later to the recipient’s work email, reminding them of the interaction and offer. The email may be harmless and without a malicious attachment or link. The email may contain an MS Word or .pdf attachment or simply links to a spoofed website. Opening either one can launch the malware downloader and begin the infection. The intention is to get the malware onto a work computer.

In other variations, the hacker attempts to lure the reader into downloading a malicious Microsoft Word file or a .pdf attachment. If the target has macros enabled and opens the Word document, More_eggs malware is downloaded and executed on the victim’s machine. The .pdf attachment contains links to the spoofed website, which will also initiate a More_eggs malware download.
Taurus Builder, VenomKit, and More_eggs are all used to deploy malware in this attack.
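
For defenders, the two attachment types described above can be screened before they reach a mailbox. The following is an added example, not code from the original article: it flags Word files that carry a VBA macro project and lists link targets found in a .pdf. The function names, verdict labels and the sample domain `staffing.example` are hypothetical, and the PDF check only sees links stored in uncompressed objects.

```python
import io
import re
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # legacy .doc/.xls container
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")      # uncompressed PDF link actions only


def triage_attachment(name: str, data: bytes) -> dict:
    """Classify one attachment; returns a verdict plus the evidence found."""
    result = {"name": name, "verdict": "pass", "evidence": []}
    if data.startswith(b"PK"):
        # OOXML (.docx/.docm) is a ZIP; VBA macros live in vbaProject.bin.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            return {**result, "verdict": "quarantine", "evidence": ["corrupt ZIP container"]}
        macros = [m for m in members if m.lower().endswith("vbaproject.bin")]
        if macros:
            result["verdict"] = "quarantine"
            result["evidence"] += macros
    elif data.startswith(OLE_MAGIC):
        # Legacy binary Office file: macros cannot be ruled out without an OLE parser.
        result["verdict"] = "review"
        result["evidence"].append("legacy OLE document")
    elif data.startswith(b"%PDF"):
        links = [u.decode("latin-1") for u in URI_RE.findall(data)]
        if links:
            result["verdict"] = "review"   # a human or URL filter checks the targets
            result["evidence"] += links
    return result


def make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal Word-style ZIP in memory (sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed samples: a macro-bearing document, a clean one, a PDF with a link.
SAMPLE_DOCM = make_ooxml(with_macro=True)
SAMPLE_DOCX = make_ooxml(with_macro=False)
SAMPLE_PDF = b"%PDF-1.4\n1 0 obj << /A << /S /URI /URI (https://staffing.example/offer) >> >>\n"
```

Calling `triage_attachment("offer.docm", SAMPLE_DOCM)` returns a `quarantine` verdict with the macro part as evidence, while the clean sample passes.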


About Michelle Dvorak

Michelle writes about cyber security and data privacy, focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers.

