A report published by cybersecurity firm eSentire has found that hacker groups are using a new phishing scam that employs fake LinkedIn job offers.
The attacks employ fake job offers on LinkedIn that are similar to jobs that the target user either currently holds or held in the past. Once clicked on, a .zip file is force launched onto the users machine and downloads the “more_eggs” virus.
The “more_eggs” computer virus is a trojan style breaching tool that hackers can use to upload further malware to users machines. eSentire believes this vulnerability will be used to install things like ransomware, banking malware and credential stealing software.
It is currently unclear who is behind the attacks, but eSentire believes the group “Golden Chickens” to be involved, likely as the source of the “more_eggs” virus. eSentire believes that “Golden Chickens” is not directly involved but that they likely sold the malware to hacker groups for their own criminal use.
Senior Director of the Threat Response Unit (TRU) at eSentire, Rob McLeod, called the attacks “particularly worrisome” in an interview with Gizmodo. McLeod noted that the timing of the attacks were no coincidence, and that hacker groups were capitalizing on the reopening of businesses following the COVID-19 pandemic.
LinkedIn provided statements to Gizmodo, noting that LinkedIn verifies all users and businesses, and that any fake or misleading accounts would be immediately deleted in accordance with their Terms of Service.