Hackers exploiting LinkedIn's chat, job posting tools to steal users' data


New Delhi, Aug 30 (IANS): Microsoft-owned LinkedIn is being used by hackers to spread data stealing malware via sending connection requests in disguise of people working with reputed companies, a report showed on Tuesday.

Researchers from AI cyber-security firm CloudSEK found that scammers are exploiting LinkedIn's chat and job posting features to share links/files that are laced with stealer malware.

Since most LinkedIn users accept any and all connection requests they receive, scammers can easily make connections and build credibility on the platform.

After building credibility, the actors share malicious files and links, which are then opened by unsuspecting victims.

Once opened, a stealer malware is deployed on the victim's system, from which it steals passwords, credit card information, and other sensitive data, and sends it to the threat actors.

"This large-scale misuse of LinkedIn could be the gravest threat yet. The underlying promise of professionalism makes it easier for scammers to run campaigns at scale," said Rahul Sasi, CEO and Founder of CloudSEK.

This is how it works.

A LinkedIn connection reaches out to you regarding a project, from a well-known company, that might be of interest to you.

The connection shares a URL or a zip file with the information stealer embedded. The file size is usually restricted to 100MB to evade antivirus or security tools.

"Once opened, the file automatically downloads the stealer malware onto your system. It then steals passwords and cookies stored on your browser," warned the report.

The stolen credentials are then used to compromise and take over the victim's social media and email accounts.

"We recommend that all users verify connection requests before accepting them, even if the requester is connected to someone you know," said Sasi.

It is also important to scan documents and files shared on LinkedIn, before opening them on your systems.

 

  

Top Stories


Leave a Comment

Title: Hackers exploiting LinkedIn's chat, job posting tools to steal users' data



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.