author photo
By Bruce Sussman
Tue | Feb 26, 2019 | 10:51 AM PST

If you are a professional looking for a job, there's a good chance you are using LinkedIn to do it.

Or if you're in InfoSec, some of your firm's employees are using the social media platform. 

And the Proofpoint Threat Insight Team just revealed how hackers are taking advantage of this to try to install a backdoor on devices and networks:

"Since the middle of 2018, Proofpoint has been tracking campaigns abusing legitimate messaging services, offering fake jobs, and repeatedly following up via email to ultimately deliver the More_eggs backdoor. These campaigns primarily targeted US companies in various industries including retail, entertainment, pharmacy, and others that commonly employ online payments, such as online shopping portals.

The actor sending these campaigns attempts to establish rapport with potential victims by abusing LinkedIn’s direct messaging service. In direct follow-up emails, the actor pretends to be from a staffing company with an offer of employment. In many cases, the actor supports the campaigns with fake websites that impersonate legitimate staffing companies. These websites, however, host the malicious payloads. In other cases, the actor uses a range of malicious attachments to distribute More_eggs."

Here is how legitimate the messages look:

linked-in-fake-message-proofpoint

And what is really unsettling here is that the cyber threat actors hit targets multiple times, almost like they're being sucked into a traditional marketing funnel.

For details on the More_eggs backdoor attack abusing the LinkedIn messaging platform, check out the new research.

And as another security awareness resource, don't miss our SecureWorld web conference, "Protecting People: Can You Identify and Protect Your VAPs (Very Attacked Persons)?".

Comments