Linkedin has proven to be an excellent job search tool. With 3,731,000 people out of work in Spain and a multitude of regulated people, drawing an access route to the labor market is an experience that millions of users go through, in addition to those who are exploring new growth opportunities.
In practical terms, this translates into a multitude of Internet users interested in job offers, a candy that ‘hackers’ have not hesitated to attack. Several Linkedin offers are actually Trojan viruses that threaten users’ computer security..
The research team at eSentire, a cybersecurity solutions provider, warns that a hacking group is targeting business professionals on LinkedIn with Fake job postings in an effort to infect them with a sophisticated backdoor Trojan.. The virus provides remote control over the victim’s computer, allowing it to send, receive, start, and delete files.
To cast it on PC, criminals attach a malicious zip file to the offer using the title listed on the victim’s LinkedIn profile. Opening the bogus job offer starts the fileless backdoor stealth install more_eggs which can download additional malicious add-ons and provide convenient access to the computer.
The threat group behind more_eggs, Golden Chickens sells the backdoor under a Malware-as-a-Service (MaaS) deal to other cybercriminals. “What is particularly concerning about more_eggs activity is that it has three elements that make it a formidable threat to businesses and professionals,” explains eSentire Threat Response Unit Director Rob McLeod.
The system uses normal Windows processes to run so it is generally not detected by antivirus and automated security solutions. Therefore, it is stealthy. Including the job title of the LinkedIn target in the list of build jobs increases the likelihood that the recipient will download the malware. The current moment of economic and employment uncertainty increases the normal impact of a gender virus.
