Perfect LinkedIn Job Offer May Be Sophisticated Malware Program
(April 9, 2021) That perfect job offer you receive from LinkedIn could be a sophisticated backdoor Trojan to take over your computer, according to eSentire, a cybersecurity solutions provider.
The company found hackers are targeting professionals on LinkedIn using a malicious zip file. The hackers use the job position listed on the target’s LinkedIn profile. Attached to the email is a zip file that contains the backdoor “more_eggs,” which provides remote control access over the computer, enabling the hacker to send, receive, launch, and delete files. “More_eggs” is sold by Golden Chickens as a malware-as-a-service arrangement with cybercriminals.
Rob McLeod, senior director of eSentire’s threat response unit, said “more_eggs” is a “formidable threat” for three reasons:
- It uses normal Windows processes to run so it is not picked up by anti-virus and automated security solutions.
- It includes the target’s job position on LinkedIn, increasing the odds that the recipient will detonate the malware.
- It takes advantage of the current high unemployment rate by customizing the job description to entice the recipient to open the file.
The malware program also includes a job application in a Word file. The job application has no functional purpose in launching the malware but is used to distract the victim from the background tasks of “more_eggs.”