The unfortunate rise in unemployment caused by the pandemic made communities on platforms like LinkedIn much more active. Job seekers began to hunt for new opportunities and employers started looking for candidates to fill empty positions.
Unfortunately, some hackers have decided this is a good time to try to steal data from other LinkedIn users.
Hackers Are Taking Advantage of Job Seekers on LinkedIn
According to a report by cybersecurity company eSentire, a group of scam artists collectively named “Golden Chickens” is spear phishing unsuspecting business professionals with fake LinkedIn job offers.
eSentire writes that the targeted victims are part of the healthcare technology sector. The hackers are trying to obtain the victims’ personal data by sending them a malicious ZIP file that contains a backdoor or remote access trojan.
The file is named after the position that the victim has listed on their LinkedIn profile:
For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs [name of the trojan].
Once more_eggs has been loaded, Golden Chickens has full access to the victim’s computer. This enables the group to view, edit, or save any files on the system, and gives it the opportunity to infect the system with malware such as ransomware, spyware, credential stealers, etc.
What’s more, Golden Chickens reportedly sells more_eggs to other cybercriminals under a malware-as-a-service (MaaS) arrangement. Other notable advanced threat groups that use the backdoor for their own scams include FIN6, Cobalt Group and Evilnum.
Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, says that more_eggs is a formidable threat to businesses and business professionals because it uses normal Windows processes to run. This means that it typically won’t be detected by anti-virus and automated security solutions.
That’s on top of the fact that the pandemic has ushered in a more troubled time for some. There are lots of people desperate to find employment these days, which, in some cases, leaves them more vulnerable to personalized phishing campaigns.
Be Careful of What Files You Download From LinkedIn
The best way to ensure you don’t get involved in a scam like this is to be mindful of what files you download to your computer.
If an employer (or anyone online, for that matter) sends you a file and you aren’t familiar with them, take a few moments to do a quick background check—see if they seem to be an authentic or credible source.
Keep an eye out for obvious indicators of bad actors as well, like the name of the file you’re being asked to download, or whether you’ve applied for a position at the company that’s messaging you.