2 min

Tags in this article

, , , , ,

Security researchers have discovered that hackers are increasingly focusing on LinkedIn users. They offer them a job on the business social network by means of a private message, or draw their attention to a vacancy. But instead of a job, the users have to deal with a More_eggs infection on their computer.

Since mid-2017, several hack campaigns have been discovered that distribute More_eggs. Almost all of these campaigns started with hackers who create fake profiles on LinkedIn. The attackers then used those accounts to target employees of U.S. companies in the retail, entertainment and pharmaceutical industries.

LinkedIn scan

The attackers approached the victims via LinkedIn and pointed out a vacancy that might be interesting. A week later, the attackers contacted the victims again via their work e-mail addresses. They reminded the victims of their correspondence via the Microsoft network site and reminded them once again of the vacancy.

These mails often contained a weblink that people could click on for additional information about the vacancy. The link referred to a site that looked reliable, but in the background the victims’ device was infected with More_eggs. In a number of other cases, the hackers’ mail contained a PDF document in the attachment containing working URLs.

In a number of other cases, the victims were asked to open a Word document containing additional information. But in order for the document to work correctly, the victims had to activate macros. Once they did, More_eggs was downloaded and the hackers could automatically load other scripts onto the devices.

Print year

This year, the number of attacks aimed at the spread of More_eggs continues to increase, according to researchers. Several campaigns have been discovered in which the hackers are active on LinkedIn and try to spread malware via private messages. Setting up a good defense against this kind of hurricane attack is complicated.

This is mainly because the defence against phishing largely depends on the people who are targeted by hackers. If they click on a url in good faith, the damage has often already been done. A good line of defence consists partly of staff training, so that employees do not just click on links.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.