LinkedIn is a professional platform for people looking for job opportunities. Taking advantage of this, hackers belonging to the group “Golden Chickens” are now using the Microsoft-owned platform to infect people’s devices with malware.
This is being done by sending people fake job offer messages, something anyone should be on the lookout for.
As discovered by security firm eSentire, the hackers are targeting people with fake job offers and in turn infecting their devices with a backdoor trojan.
A backdoor trojan is a type of malware that provides hackers with remote access to people’s smartphones, computers, and more to get access to their personal data.
The fake offer arrives with a malicious zip file named after the target’s own job title:
“if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end).”
Once the file is opened, installation of the trojan, named “more_eggs”, begins. It then downloads more malicious plugins and gives the cybercriminals “hands-on” access to the victims’ devices.
Once all this happens, the devices can be infected with various kinds of malware that can steal people’s data, financial information, sensitive information, and more.
The trojan is pretty dangerous as anti-virus solutions can’t detect it because it uses normal Windows processes to run. Because the lure also includes the victim’s job position, people are more likely to open it, all the more so now that people have lost their jobs due to the COVID-19 pandemic.
It is further revealed that the Golden Chickens threat group is associated with notable advanced threat groups, such as FIN6, Cobalt Group, and Evilnum. This makes the trojan stealthy.
Just to be safe, it’s a best practice to only pay attention to job opportunities from legitimate sources, and not to open attachments from suspicious sources.
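The naming pattern quoted above (a zip file titled with the recipient’s job title plus “position”) can be turned into a simple attachment triage check. The following is an added example, not code from eSentire or the original article; the function names, the sample messages, and the assumption that the recipient’s job title is available (for instance from a staff directory) are all hypothetical.

```python
import re
import unicodedata

# Map common Unicode dash variants to ASCII "-" so an em dash in a
# LinkedIn title and a hyphen in a filename compare as equal.
DASHES = dict.fromkeys(map(ord, "\u2010\u2011\u2012\u2013\u2014\u2015\u2212"), "-")

def normalize(text):
    """Fold case, Unicode forms, dashes, underscores and whitespace."""
    text = unicodedata.normalize("NFKC", text).translate(DASHES).casefold()
    text = re.sub(r"[_\s]+", " ", text)    # underscores/spaces -> one space
    text = re.sub(r"\s*-\s*", "-", text)   # "a - b" and "a-b" compare equal
    return text.strip()

def matches_job_title_lure(attachment_name, job_title, lure_suffix="position"):
    """True if a .zip attachment is named '<recipient job title> position'."""
    stem, dot, ext = attachment_name.rpartition(".")
    if not dot or ext.casefold() != "zip":
        return False
    return normalize(stem) == f"{normalize(job_title)} {lure_suffix}"

def triage(messages):
    """Return attachment names that match the lure pattern for their recipient."""
    return [m["attachment"] for m in messages
            if matches_job_title_lure(m["attachment"], m["recipient_title"])]

# Constructed sample data; the job title is the one used in the quoted example.
TITLE = "Senior Account Executive\u2014International Freight"
SAMPLE_MESSAGES = [
    {"recipient_title": TITLE, "attachment": TITLE + " position.zip"},
    {"recipient_title": TITLE,
     "attachment": "senior_account_executive-international_freight_position.ZIP"},
    {"recipient_title": TITLE, "attachment": "Q3 freight rates.zip"},
    {"recipient_title": TITLE, "attachment": TITLE + " position.pdf"},
]

if __name__ == "__main__":
    for name in triage(SAMPLE_MESSAGES):
        print("flag for review:", name)
```

A match is a reason to quarantine and review the message, not proof of infection; a miss proves nothing, since the file name is only one trait of the lure.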