LinkedIn, a social network aimed at business use, has 17 million users in Spain, according to Statista data from 2023. Cybercriminals exploit users' desire to find a job on the platform, and there are many ways in which they can deceive them.
One of them is the fake job offer. An Iranian hacker has taken a cue from other hackers by developing his own version of the campaign known as 'Dream Job', targeting the aerospace industry to distribute malware to LinkedIn users.
This is the malware that threatens LinkedIn users
According to Israeli cybersecurity company ClearSky, an Iranian hacker known as TA455 has imitated that campaign, offering fake aerospace industry jobs, since at least September 2023. They add that TA455 is part of a hacker collective to which a series of campaigns aimed at the aerospace, aviation and defense industries in the Middle East, including Israel, the United Arab Emirates, Türkiye, India and Albania, has been attributed.
As reported by The Hacker News, the attacks use social engineering tactics that employ work-related lures to deliver two backdoors called MINIBIKE and MINIBUS. In fact, the business security company Proofpoint says the attackers use front companies to engage with victims through a LinkedIn contact page.
The attack chains use fake recruitment websites and LinkedIn profiles to distribute a ZIP file which, among other files, contains an executable ('SignedConnection.exe') and a malicious DLL file ('secur32.dll') that is loaded when the EXE file is executed. The attackers also provide their victims with a detailed PDF guide instructing them on how to "safely" download the ZIP file from the fake job site and start the application.
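As a defensive illustration of the pairing described above (an executable shipped in the same ZIP folder as a DLL that carries a Windows system library name), the following Python check is an added example, not code from ClearSky, Microsoft or the original article. The list of system DLL names, the folder name 'JobOffer' and the sample archive contents are constructed assumptions; only 'SignedConnection.exe' and 'secur32.dll' come from the report.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: a short, non-exhaustive list of DLL names that normally ship
# with Windows itself; extend it for real triage.
SYSTEM_DLL_NAMES = {
    "secur32.dll", "version.dll", "winhttp.dll",
    "dbghelp.dll", "cryptbase.dll", "userenv.dll",
}


def find_sideload_candidates(zip_bytes):
    """Return (folder, [exe names], dll name) for each archive folder in
    which an EXE sits beside a DLL named like a Windows system library."""
    by_folder = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # ZIP paths use '/', but some archivers write backslashes.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            by_folder.setdefault(str(path.parent), []).append(path.name)

    findings = []
    for folder, names in sorted(by_folder.items()):
        exes = sorted(n for n in names if n.lower().endswith(".exe"))
        dlls = sorted(n for n in names if n.lower() in SYSTEM_DLL_NAMES)
        if exes:  # a system-named DLL alone is not loadable by itself
            findings.extend((folder, exes, dll) for dll in dlls)
    return findings


def build_sample_zip(entries):
    """Build an in-memory ZIP with placeholder contents (constructed data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample mirroring the file names given in the report.
    sample = build_sample_zip([
        "JobOffer/SignedConnection.exe",
        "JobOffer/secur32.dll",
        "JobOffer/guide.pdf",
    ])
    for folder, exes, dll in find_sideload_candidates(sample):
        print(f"review: {folder}/ ships {dll} next to {', '.join(exes)}")
```

A hit is a reason to inspect the archive, not a verdict: the check only compares file names and locations and does not examine signatures or file contents.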
Microsoft says it is a Trojan loader called SnailResin, which is responsible for loading SlugResin as a backdoor. This allows the cybercriminals to deploy malware that steals credentials and other data and to move to other devices on the network. The attacks are also characterized by the use of GitHub as a dead drop resolver, which lets the attackers hide malicious operations and blend in with legitimate traffic.