Security firm eSentire is warning of a new hacking campaign which cruelly takes advantage of jobseekers to hack company networks.
The spearfishing attackers are being perpetrated by hacking group Golden Chickens and send fake job offers to targets with details gleaned from their LinkedIn profile.
Someone who is an Associate Editor for example would be sent a zip file with the title “Associate Editor position” which, when opened, installs the more_eggs trojan on their PC. More_eggs is capable of giving hackers shell access to your PC and downloading further plugins.
In addition, it is very stealthy and runs as a normal windows process.
Golden Chickens are reportedly selling their hack as malware-as-a-service to any criminal who wants to hack a target. Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, notes that in the current economic climate this kind of phishing attempt is likely to be much more effective than otherwise.
In a statement Microsoft, who owns LinkedIn, said:
Millions of people use LinkedIn to search and apply for jobs every day — and when job searching, safety means knowing the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and how to spot fraud. We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site.
PC users should remain suspicious of attachments, no matter how convincing the cover letter. Read eSentire’s full report here.