Jobs hide malware on Linkedin -
As they have grown in popularity, social networks have become a real playground for hackers.
The latter regularly disseminate phishing campaigns or attempt to spread viruses through malicious links.
And if this is particularly the case on Facebook and Messenger, other social networks are not spared.
And the professional social platform LinkedIn is no exception.
For several years now, a Trojan horse known as more_eggs has been circulating on LinkedIn.
It is also regularly the subject of new dissemination campaigns and this is particularly the case today, as reported by cybersecurity researchers at eSentire.
But the modus operandi remains much the same: a tempting job posting containing a ZIP file in which the malware is hiding.
Unfortunately, "by opening the bogus job posting, the victim unwittingly launches the stealth installation of the file-less backdoor, more_eggs," explains one of the eSentire researchers.
Once installed, the malware is able to steal personal information about its victims and communicate it remotely to its perpetrators.
more_eggs walks on eggshells
The biggest problem with the malware is that it is silent, it acts quietly without making waves, which obviously makes it particularly dangerous.
Especially since the ZIP file for the job offer is real, so the victim sees nothing but fire.
Apart from stealing personal data, the malware can also take control of the victim's computer to install other viruses, including ransomware and banking malware.
For cybersecurity experts at eSentire, the hacker group behind the spread of more_eggs is selling backdoor access on infected computers to other hackers.
The coronavirus pandemic has reportedly affected the spread of the malware.
“Since the pandemic, the unemployment rate has increased drastically.
Now is the perfect time to go after job seekers who are desperate to get hired.
In these difficult times, a personalized trap in the form of a job posting is even more appealing, ”explains eSentire.
It is obviously advisable to check where job postings are coming from on LinkedIn and to avoid downloading anything and everything.
And if the offer you saw is particularly attractive, it must probably be fake and could even turn out to be dangerous.
According to eSentire researchers, the virus hides in ZIP files that end in "position", for example;
“Senior Account Executive - International Freight position”.
By the Web
"This is the biggest data breach ever seen online" ... Nearly 3.2 billion emails and passwords hacked
Android: Very sophisticated malware infiltrates phones masquerading as a system update