This latest LinkedIn scam sends fake job offers to lure victims in

(Image credit: Shutterstock)

Users on LinkedIn have been warned about another scam that is targeting jobseekers on the social media platform.

A report from security firm eSentire has discovereda group of scam artists known as “Golden Chicken” that sends out fake job offers in an effort to infect victims with a sophisticated backdoor Trojan.

The scammers are apparently backed by advanced threat groups including FIN6, Cobalt Group and Evilnum as they look to attack those looking for a new job on LinkedIn.

Fake offers

eSentire research found that the simplest way to identify a fake job offer is to look at the file name and file type that’s been sent across to you. 

A message containing a job offer in a “Zip” file format can be the first signal, with the company also suggesting looking at the file name. It notes that for example, one file claiming to advertise a job listed as "Senior Account Executive—International Freight" came with a malicious zip file titled Senior Account Executive—International Freight position - with the "position” added at the end a major giveaway.

This compressed file contains automatically installable stealthy trojans called “more eggs” that get installed as soon as the file is unzipped, offering unrestricted access of users’ devices to the scammers.

Once these hackers get access to the device, it offers a backdoor to the scam artists to install malware of their choice including Ransomware, credential stealers, banking malware or even simply to steal user data silently.

What makes this attack lethal is the fact that this malware runs in a stealth mode and uses normal Windows processes to run hence there are chances that the anti-virus program on your computer might not even notice it.

The news comes shortly after the personal data of around 500 million LinkedIn users was found being sold on a popular hacking forum.

The hoard included LinkedIn IDs, full names, email addresses, phone numbers, genders, links to LinkedIn profiles, links to other social media profiles, and professional titles, and other work-related data - although no passwords or payment data appear to have been affected. 

Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.