LinkedIn Direct Message Containing Malware Spread Through Platform

Hackers often find newer and more unique ways to figure out how they are going to get access to your data and systems. LinkedIn, it seems, is the newest spot for these people to try and figure out how they are going to go about conducting their malicious actions. Hence, if you receive a DM on LinkedIn, you should be wary.

The truly insidious aspect of this particular type of hack is that it is trying to spread malware by manipulating people that are looking for jobs. The hackers pose as recruitment agencies and send messages that would establish a certain level of trust with the victim before they send links that would take the target to a landing page which would end up installing the malicious software onto their system.

Cyber Criminals are abusing LinkedIn DMs to plant malware
Screenshot of a message in which hacker abuse LinkedIn messaging by offering jobs
"This actor provides compelling examples of these new approaches, using LinkedIn scraping, multi-vector and multistep contacts with recipients, personalized lures, and varied attack techniques to distribute the More_eggs downloader, which in turn can distribute the malware of their choice based on system profiles transmitted to the threat actor.", explained ProofPoint a cyber security firm. Adding further, "In response to the increasing effectiveness of layered defenses and end user education efforts, we can expect more threat actors to adopt approaches that improve the effectiveness of their lures and increase the likelihood of high-quality infections."
This shows that malicious actors are changing the way they behave. They are no longer looking into large scale campaigns that aim to spread their viruses as far and wide as possible. Much on the contrary, they are trying to look for smaller targets, individuals who are going to be a lot less secure than an organization and would thus be much easier to crack.

No comments:

Post a Comment