If You’re Active on LinkedIn, You Should Read This…

Hackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns eSentire

eSentire, a leading cybersecurity solutions provider, is warning enterprises and individuals that a hacking group is spearphishing business professionals on LinkedIn with fake job offers in an effort to infect them with a sophisticated backdoor Trojan. Backdoor trojans give threat actors remote control over the victim’s computer, allowing them to send, receive, launch and delete files.

eSentire’s research team, the Threat Response Unit (TRU), discovered that hackers are spearphishing victims with a malicious zip file using the job position listed on the target’s LinkedIn profile. For example, if the LinkedIn member’s job is listed as Senior Account Executive—International Freight, the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer.

What Risk Does More_Eggs Backdoor Pose to Your Customers?

“What is particularly worrisome about the more_eggs activity is that it has three elements which make it a formidable threat to your customers,” said Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire. They are:

1. It uses normal Windows processes to run, so it is not typically going to be picked up by anti-virus and automated security solutions, which makes it quite stealthy.

2. Including the target’s job position from LinkedIn in the weaponized job offer increases the odds that the recipient will detonate the malware.

3. Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times.

Attackers are advancing their capabilities at unprecedented rates. Rest easy knowing eSentire’s Threat Response Unit is continuously developing the latest methods that keep your customer’s environment safe from tomorrow’s threats, today.

To learn more about how to prevent these types of attacks, eSentire’s managed detection and response services can help.

Manage – Manage the data, devices and services that provide visibility across your customer’s threat surfaces so they don’t have to.
Detect – Rapidly detect what others miss. From automated threats to sophisticated manual attacks.
Respond – Stop attacks before your customers even know they’ve started and before they impact their business.
