- a group of cybercriminals are taking advantage of the job seekers by sending them malware masked as job openings.
- The professionals on LinkedIn are being tricked to click on job offers that are titled the same thing as their current designation.
- Once the malware is installed in the targeted device, the cybercriminals will gain complete control of the device.
COVID-19 has not only caused a health scare but has also severely impacted the economy. Scores of people have lost their jobs because companies couldn't keep the show running during the coronavirus-induced lockdown. Even though the lockdown has been lifted now, the companies are struggling to get back on their feet. And just when people thought that COVID-19 has loosened its grip, It is back to wreak havoc again. Meanwhile, Linkedin has become a ray of hope for job hunters. But some cybercriminals are taking advantage of the job seekers by sending them malware masked as job openings.
As per security firm eSentire, a group of cyberattackers have found new targets in job seekers on Linkedin. The group which is called "Golden Chickens" has found a rather innovative way of tricking people to click on their malicious links, that further installs the malware in the victim's device. The report states that the professionals on LinkedIn are being tricked to click on job offers that are titled the same thing as their current designation.
"For example, if the LinkedIn member's job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the "position" added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim's computer," eSentire research team states.
Once the malware is installed in the targeted device, the cybercriminals gains complete control of the device. They can use the hijacked device to deploy ransomware, banking malware and corrupt more devices.
Rob McLeod, Senior Director at eSentire, called the entire situation pretty worrisome."Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times," he said.
Addressing the issue, Linkedin said that it manually detects fake accounts or fraudulent payments and blocks them from the site. "Millions of people use LinkedIn to search and apply for jobs every day — and when job searching, safety means knowing the recruiter you're chatting with is who they say they are, that the job you're excited about is real and authentic, and how to spot fraud. We don't allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site," a Linkedin spokesperson told Gizmodo.