This latest LinkedIn scam sends fake job offers to lure victims in

LinkedIn
(Image credit: Shutterstock)
Audio player loading…

Users on LinkedIn (opens in new tab) have been warned about another scam that is targeting jobseekers on the social media platform.

A report (opens in new tab) from security firm eSentire has discovereda group of scam artists known as “Golden Chicken” that sends out fake job offers in an effort to infect victims with a sophisticated backdoor Trojan.

The scammers are apparently backed by advanced threat groups including FIN6, Cobalt Group and Evilnum as they look to attack those looking for a new job on LinkedIn.

Fake offers

eSentire research found that the simplest way to identify a fake job offer is to look at the file name and file type that’s been sent across to you. 

A message containing a job offer in a “Zip” file format can be the first signal, with the company also suggesting looking at the file name. It notes that for example, one file claiming to advertise a job listed as "Senior Account Executive—International Freight" came with a malicious zip file titled Senior Account Executive—International Freight position - with the "position” added at the end a major giveaway.

This compressed file contains automatically installable stealthy trojans called “more eggs” that get installed as soon as the file is unzipped, offering unrestricted access of users’ devices to the scammers.

Once these hackers get access to the device, it offers a backdoor to the scam artists to install malware of their choice including Ransomware, credential stealers, banking malware or even simply to steal user data silently.

What makes this attack lethal is the fact that this malware runs in a stealth mode and uses normal Windows processes to run hence there are chances that the anti-virus program on your computer might not even notice it.

The news comes shortly after the personal data of around 500 million LinkedIn users (opens in new tab) was found being sold on a popular hacking forum.

The hoard included LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, and professional titles, and other work-related data - although no passwords or payment data appear to have been affected. 

  • We've also featured the best antivirus (opens in new tab) software around today
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.