
As if LinkedIn messages couldn't get any worse, hackers are using them to install malware on people's PCs


Think twice (or ideally, three times) before clicking on LinkedIn links, as researchers have spotted bad actors using them to hide malicious code in seemingly innocuous files.

As reported by The Hacker News, ReliaQuest recently spotted a phishing scam that prompts a user to download a self-extracting archive. It reportedly comes with deceptive names like "Upcoming_Products.pdf" and has an attached open-source PDF reader app. In many cases, this download would come with an uncompromised RAR file, which might make the parent folder seem real.

When the PDF reader is launched, it sideloads a malicious DLL file, which is placed in the same directory as legitimate ones. This not only evades detection but makes the downloaded file seem totally genuine as a result. That means one could go some time without realising their PC has been compromised.

Once up and running, that malicious DLL file pops a Python interpreter onto the system, which runs a script to create a registry Run key. This ensures that the Python interpreter starts on every login to the system, and can even give the attackers remote access to it. From there, bad actors can take information from the machine.
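A defender-side check for the persistence step described above, added here as an example and not taken from the article or from ReliaQuest: it audits Run-key values and flags entries that start a Python interpreter from a location an unprivileged user can write to. The sample rows, value names, paths and the user-writable-path heuristic are all constructed assumptions.

```python
import re
from ntpath import basename

# Heuristic (assumption, not from the article): paths an unprivileged user can write to.
USER_WRITABLE = re.compile(
    r"\\users\\[^\\]+\\(appdata|downloads|desktop|documents)\\"
    r"|\\users\\public\\|\\programdata\\|\\temp\\"
    r"|%(appdata|localappdata|temp|tmp|userprofile|public)%",
    re.IGNORECASE,
)
INTERPRETER = re.compile(r"^pythonw?(\d[\d.]*)?\.exe$", re.IGNORECASE)

# Constructed sample of (key, value name, command) rows, e.g. from a registry export.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
SAMPLE = [
    (RUN, "OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    (RUN, "PdfHelper", r'"C:\Users\alice\AppData\Roaming\pdfview\pythonw.exe" '
                       r'"C:\Users\alice\AppData\Roaming\pdfview\run.py"'),
    (RUN, "Backup", r"C:\Program Files\Python312\python.exe C:\tools\backup.py"),
]

def split_command(command):
    """Split a Run value into (executable, arguments), quoted or unquoted."""
    m = re.match(r'\s*"([^"]+)"\s*(.*)', command) or re.match(
        r"\s*(.+?\.exe)(?:\s+(.*)|$)", command, re.IGNORECASE)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    exe, _, rest = command.strip().partition(" ")
    return exe, rest.strip()

def audit_run_entries(entries):
    """Return Run entries that start Python from a user-writable location."""
    findings = []
    for key, name, command in entries:
        exe, args = split_command(command)
        if not INTERPRETER.match(basename(exe)):
            continue
        reasons = ["python interpreter started at logon"]
        if USER_WRITABLE.search(exe):
            reasons.append("interpreter in user-writable path")
        if USER_WRITABLE.search(args):
            reasons.append("script argument in user-writable path")
        if len(reasons) > 1:
            findings.append({"key": key, "name": name, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in audit_run_entries(SAMPLE):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```

A Python installation under Program Files running a script outside user-writable paths is deliberately left unflagged, so the check stays quiet on ordinary developer machines.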

ReliaQuest argues that the inclusion of the open-source PDF reader signals a level of legitimacy, and using open-source tools "as threat vectors" is a new approach for bad actors. It argues that files with open-source tools both signal trust and are highly accessible—both of which can be exploited.

An artist's rendering of the DLL file in action (Fallout 3 hacking minigame) (Image credit: Bethesda)

Though this scam attempt was caught on LinkedIn, it can happen elsewhere. The specific nod to LinkedIn is made as the 'professional' nature of the website allowed hackers to "establish trust and familiarity, increasing their chances of success by targeting high-value individuals in corporate environments."

ReliaQuest tells The Hacker News, "because this activity plays out in direct messages, and social media platforms are typically less monitored than email, it's difficult to quantify the full scale."

In light of this hacking method, ReliaQuest recommends that "organizations should implement social media-specific security awareness training to help employees identify phishing attempts and avoid risky downloads."

As is ever the case with hacking stories, it's always a good reminder to stay vigilant when it comes to the messages you open and sites you visit. At least now I have a good excuse to ignore DMs on LinkedIn.














