New attack puts LinkedIn users at risk
LinkedIn is one of the social networks with the most users in Spain. Is a job search platform mainly. Here, private users create a profile where they indicate their skills, studies, experience … At the same time that companies apply for certain positions.
Keep in mind that on a platform like LinkedIn there are many personal information that users can have. This means that in the event of a leak or attack, privacy can be seriously compromised.
What is this new hack used by hackers? They basically try to carry out Phishing attacks to steal passwords. They use decoys that consist of fictitious works. They look for information on the victim’s profile, of jobs that may be related, and they pose as a supposedly legitimate company and send a link to the information of that job.
However, as we can imagine, that link contains malware, it is a Phishing attack for steal the keys or any other threat that can compromise the privacy of users. One of the main strategies is to get the user, the ultimate victim, to download a tool known as more_eggs. It is actually a backdoor program, a script, that executes different functions to compromise the security of the computers.
They usually send a archivo ZIP through these links. That file is named after the alleged job offer. It contains an LNK file that, when run, seriously compromises the computer.
One of the most important problems is that they take care of the details. These attacks are totally personalized. They obtain information from the victim to make the attacks more credible and to better achieve their objectives.
The attackers belong to a group called Golden Chickens. They are perfecting their techniques to sneak in this backdoor, this remote access Trojan, to control victims’ computers.
How to avoid falling victim to these LinkedIn attacks
It is important to take into account certain tips to avoid being victims of attacks by LinkedIn and any other social network. For example, we must always have a good antivirus that prevents the entry of malware that compromises our systems. There are many varieties of malicious software that are present on the web. Keeping social media safe is essential.
We must also maintain the equipment properly updated. Many of these attacks are based on vulnerabilities that are present in the system. We must correct them and thus prevent them from being exploited by third parties.
On the other hand, the common sense must be present at all times. Perhaps the most important of all. Many of the threats will require the interaction of the victim. This means that they need us to carry out the download of some file, for example.