Perfect LinkedIn Job Offer May Be Sophisticated Malware Program

(April 9, 2021) That perfect job offer you receive from LinkedIn could be a sophisticated backdoor Trojan designed to take over your computer, according to eSentire, a cybersecurity solutions provider.

The company found that hackers are targeting professionals on LinkedIn using a malicious zip file. The hackers use the job position listed on the target’s LinkedIn profile. Attached to the email is a zip file that contains the backdoor “more_eggs,” which gives the hacker remote control of the computer, including the ability to send, receive, launch, and delete files. “More_eggs” is sold by Golden Chickens to cybercriminals under a malware-as-a-service arrangement.

Rob McLeod, senior director of eSentire’s threat response unit, said “more_eggs” is a “formidable threat” for three reasons:

  • It runs using normal Windows processes, so it is not picked up by anti-virus and automated security solutions.
  • It includes the target’s job position on LinkedIn, increasing the odds that the recipient will detonate the malware.
  • It takes advantage of the current high unemployment rate by customizing the job description to entice the recipient to open the file.

The malware program also includes a job application in a Word file. The job application has no functional purpose in launching the malware but is used to distract the victim from the background tasks of “more_eggs.”