Microsoft-owned LinkedIn is being used by hackers to spread data stealing malware via sending connection requests in disguise of people working with reputed companies, a report showed on Tuesday.
Researchers from AI cyber-security firm CloudSEK found that scammers are exploiting LinkedIn’s chat and job posting features to share links/files that are laced with stealer malware.
Since most LinkedIn users accept any and all connection requests they receive, scammers can easily make connections and build credibility on the platform.
After building credibility, the actors share malicious files and links, which are then opened by unsuspecting victims.
Once opened, a stealer malware is deployed on the victim’s system, from which it steals passwords, credit card information, and other sensitive data, and sends it to the threat actors.
“This large-scale misuse of LinkedIn could be the gravest threat yet. The underlying promise of professionalism makes it easier for scammers to run campaigns at scale,” said Rahul Sasi, CEO and Founder of CloudSEK.
This is how it works.
A LinkedIn connection reaches out to you regarding a project, from a well-known company, that might be of interest to you.
The connection shares a URL or a zip file with the information stealer embedded. The file size is usually restricted to 100MB to evade antivirus or security tools.
“Once opened, the file automatically downloads the stealer malware onto your system. It then steals passwords and cookies stored on your browser,” warned the report.
The stolen credentials are then used to compromise and take over the victim’s social media and email accounts.
“We recommend that all users verify connection requests before accepting them, even if the requester is connected to someone you know,” said Sasi.
It is also important to scan documents and files shared on LinkedIn, before opening them on your systems.