LinkedIn: beware of fake messages sent by scammers

The cybersecurity firm Eset has discovered a malware campaign that started with a fake job offer on LinkedIn. How to defend yourself

There are "mass" hacker attacks, and there are tailored attacks that finely target specific groups of users who could be highly profitable for the attacker, either for the information that can be stolen from them or for the money that the hackers might be able to take from them. Eset discovered a campaign of this second type and dubbed it "In(ter)ception".

Unlike many other malware-based attacks sent to thousands of people and devices, In(ter)ception worked differently: specific users with high-level job profiles were selected and, via LinkedIn, were sent fake job offers (from equally fake profiles) at two famous American aerospace companies, Collins Aerospace and General Dynamics. Eset detected this suspicious activity between September and December 2019, and the target users of the attack were mostly from Europe or the Middle East. The collaboration between Eset and the two American companies made it possible to put an end to these attack attempts.

In(ter)ception: how the attack worked

The first step of the In(ter)ception hacking campaign was to create fake LinkedIn profiles of users posing as human resources executives of one of the two aerospace companies. The second step was the selection of the victim, who was then contacted via private message with a very tempting job offer in the company.

In this phase the attack was not automated at all, but "handmade": a hacker personally chatted with the victim to convince them to accept the job offer, including by promising a great salary. And the salary was just the bait: the victim was sent a password-protected RAR file containing a job.offer.lnk file that, before showing the PDF (in which the user would have found the company's economic proposal), executed the malicious code. Under the guise of a job offer, malware was then downloaded onto the victim's PC.
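A defensive check for the delivery step described above, as an added example that is not from Eset or the original article: it triages files extracted from an attachment archive and flags Windows shortcut (Shell Link) files by their header bytes rather than by name. The function names, the keyword list and the sample header are assumptions constructed for illustration.

```python
import struct

# Shell Link (.lnk) header per MS-SHLLINK: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
HAS_ARGUMENTS = 0x20      # LinkFlags bit: command-line arguments are stored
HAS_ICON_LOCATION = 0x40  # LinkFlags bit: custom icon (can imitate a document icon)
DOC_HINTS = ("offer", "resume", "salary", "pdf", "doc")  # assumed keyword list


def triage_member(name: str, data: bytes) -> list[str]:
    """Return findings for one file extracted from a mail/chat attachment archive."""
    findings = []
    is_lnk = data[:20] == LNK_MAGIC
    if name.lower().endswith(".lnk") and not is_lnk:
        findings.append("lnk-extension-but-not-shell-link")
    if not is_lnk:
        return findings
    findings.append("shell-link")
    # Explorer never displays the .lnk extension, so "job.offer.lnk" shows as "job.offer".
    stem = name.lower().removesuffix(".lnk")
    if any(hint in stem for hint in DOC_HINTS):
        findings.append("document-themed-name")
    if len(data) >= 24:
        # LinkFlags is a little-endian 32-bit field at offset 20 of the header.
        (flags,) = struct.unpack_from("<I", data, 20)
        if flags & HAS_ARGUMENTS:
            findings.append("has-arguments")
        if flags & HAS_ICON_LOCATION:
            findings.append("custom-icon")
    return findings


def make_sample_header(flags: int) -> bytes:
    """Constructed 76-byte header for the demo; not taken from a real sample."""
    return LNK_MAGIC + struct.pack("<I", flags) + bytes(52)


if __name__ == "__main__":
    sample = make_sample_header(HAS_ARGUMENTS | HAS_ICON_LOCATION)
    print(triage_member("job.offer.lnk", sample))
    print(triage_member("proposal.pdf", b"%PDF-1.7\n"))
```

A shortcut with a document-themed name, stored arguments and a custom icon inside an unsolicited archive is a reasonable trigger for quarantine and manual review.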

In(ter)ception: what was at risk

According to Eset, the malware deposited on the victim's hard drive was primarily spyware, which periodically sent data from the infected computer to various remote servers. Unfortunately, due to the sophisticated techniques adopted by the malware, not even Eset was able to find out what information was being extracted from the victim's computer. In one case there was also an e-mail scam attempt, which failed because the targeted user became suspicious right away.