Your latest job offer on LinkedIn might actually be a phishing scam

April 7th, 2021 at 3:05 PM

Looking for a new job is always stressful. Looking for a new job in the middle of a viral pandemic is decidedly more stressful, and to make matters even worse, some total jerks are taking advantage of the situation to sneak malware into the inboxes of desperate job seekers. This week, security firm eSentire published an advisory to warn LinkedIn users of a new phishing attack being used by hackers to infect devices with backdoor Trojans.

The fake job offer scheme was reportedly hatched by a hacking group that goes by the name Golden Chickens, and the fileless backdoor Trojan horse is appropriately named more_eggs. The scheme involves taking the title from a user’s profile, such as Associate Editor, and then sending them a job offer with a zip file titled “Associate Editor position” attached. If you open the file, more_eggs will be installed on your device without any warning. The Trojan is capable of downloading malicious plugins and giving hackers direct access to your system.
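For mail administrators, the lure naming described above can be turned into a simple screening heuristic. The following is an added example, not code from eSentire or from the original article: it flags zip attachments whose filename contains the recipient's own job title followed by "position". The function names, the `DIRECTORY` lookup (address to job title) and the sample message are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

def _norm(text):
    # Lowercase; collapse punctuation and whitespace so "Associate_Editor" == "associate editor".
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def find_job_title_lures(msg, directory):
    """Return (recipient, filename) pairs where a zip attachment's name contains
    '<recipient's job title> position'. `directory` (address -> job title) is an
    assumed lookup, e.g. exported from an HR system."""
    recipients = [addr.lower() for _, addr in getaddresses(msg.get_all("To", []))]
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, _, ext = name.rpartition(".")
        if ext.lower() != "zip":
            continue
        padded_stem = f" {_norm(stem)} "  # pad so only whole words match
        for rcpt in recipients:
            title = _norm(directory.get(rcpt, ""))
            if title and f" {title} position " in padded_stem:
                hits.append((rcpt, name))
    return hits

def build_sample(to, filename):
    # Constructed sample message; the attachment bytes are an inert placeholder.
    msg = EmailMessage()
    msg["From"] = "recruiter@example.net"
    msg["To"] = to
    msg["Subject"] = "Job opportunity"
    msg.set_content("Please see the attached offer.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename=filename)
    return msg

DIRECTORY = {"alice@example.com": "Associate Editor"}  # constructed sample data

if __name__ == "__main__":
    for fn in ("Associate Editor position.zip", "Q3 report.zip"):
        sample = build_sample("Alice <alice@example.com>", fn)
        print(fn, "->", find_job_title_lures(sample, DIRECTORY))
```

A match is a signal for quarantine and review, not proof of compromise, since legitimate recruiters may name files the same way.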


It’s certainly a clever scheme, and eSentire reports that the Golden Chickens are selling more_eggs under a malware-as-a-service (MaaS) arrangement to cybercriminals that want to hack unsuspecting job hunters. Once a machine has been infiltrated, hackers can install even more malware, from ransomware to credential stealers.

Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, explains the seriousness of the Trojan:

  1. It uses normal Windows processes to run so it is not going to typically be picked up by anti-virus and automated security solutions so it is quite stealthy.
  2. Including the target’s job position from LinkedIn in the weaponized job offer increases the odds that the recipient will detonate the malware.
  3. Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times.

“Since this spearphishing attack was disrupted, the TRU team cannot know with certainty what the end game is for this incident,” the eSentire team explains in the report on its website. “What we do know is that this current activity mirrors an eerily similar campaign which was reported in February 2019, where U.S. retail, entertainment and pharmaceutical companies, which offer online shopping, were targeted. The threat actors went after employees of these companies with fake job offers, cleverly using the job title listed on their LinkedIn profiles, in their communications to the employees. Similar to the current incident, they also used malicious email attachments and if the target clicked on the attachment, they got hit by more_eggs.”

LinkedIn offered Gizmodo the following statement when reached for comment about the attacks:

Millions of people use LinkedIn to search and apply for jobs every day — and when job searching, safety means knowing the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and how to spot fraud. We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site.

As always, be careful when receiving correspondence of any kind from an unfamiliar source. You might be tempted to open an email or a private message without a second thought when the header is promising you a chance at employment, but now is not the time to let your guard down when it comes to phishing attacks.


Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.
