Hackers target LinkedIn users with fake job offers

Get a free Techzine subscription!

Hacking group aims to infect users of the platform with malware

A group of malefactors calling themselves “Golden Chickens” is targeting LinkedIn users. They are enticing these professionals with offers of employment while really intending to infect those who respond with malware.

The cybersecurity firm eSentire Inc described the campaign in a Security Advisory this week. They detailed the campaign as a “spear-phishing” attack that infects victims with a sophisticated backdoor Trojan virus. Once installed, the virus gives the hacking group remote control over the victim’s computer. That allows the attackers to send, receive, launch and delete files.

In one example, if the LinkedIn member’s job is listed as “Senior Account Executive – International Freight,” the malicious file would be specifically targeted to the target with “position” added to the end of the job title. “Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs,” they explain. Once loaded, the sophisticated backdoor can download additional malicious plugins and provide hands-on access to the victim’s computer.

Selling the attack vector as a “Malware-as-a-Service”

The threat group behind more_eggs, Golden Chickens, sell the backdoor under a malware- as- a- service(MaaS) arrangement to other cybercriminals, according to eSentire.

“What is particularly worrisome about the more_eggs activity is that it has three elements which make it a formidable threat to businesses and business professionals,” said Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire. The three factors are as follows:

1. It uses normal Windows processes to run so it is not going to typically be picked up by anti-virus and automated security solutions so it is quite stealthy.

2.Including the target’s job position from LinkedIn in the weaponized job offer increases the odds that the recipient will detonate the malware.

3.Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times.

“These three elements make more_eggs, and the cybercriminals which use this backdoor very lethal,” he added.