Hackers exploiting LinkedIn’s chat, job posting tools to steal users’ data

0

New Delhi: Microsoft-owned LinkedIn is being used by hackers to spread data stealing malware via sending connection requests in disguise of people working with reputed companies, a report showed on Tuesday.

Researchers from AI cyber-security firm CloudSEK found that scammers are exploiting LinkedIn’s chat and job posting features to share links/files that are laced with stealer malware.

Since most LinkedIn users accept any and all connection requests they receive, scammers can easily make connections and build credibility on the platform.

MS Education Academy

After building credibility, the actors share malicious files and links, which are then opened by unsuspecting victims.

Once opened, a stealer malware is deployed on the victim’s system, from which it steals passwords, credit card information, and other sensitive data, and sends it to the threat actors.

“This large-scale misuse of LinkedIn could be the gravest threat yet. The underlying promise of professionalism makes it easier for scammers to run campaigns at scale,” said Rahul Sasi, CEO and Founder of CloudSEK.

This is how it works.

A LinkedIn connection reaches out to you regarding a project, from a well-known company, that might be of interest to you.

The connection shares a URL or a zip file with the information stealer embedded. The file size is usually restricted to 100MB to evade antivirus or security tools.

“Once opened, the file automatically downloads the stealer malware onto your system. It then steals passwords and cookies stored on your browser,” warned the report.

The stolen credentials are then used to compromise and take over the victim’s social media and email accounts.

“We recommend that all users verify connection requests before accepting them, even if the requester is connected to someone you know,” said Sasi.

It is also important to scan documents and files shared on LinkedIn, before opening them on your systems.

Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

Read original article here

Denial of responsibility! Rapidtelecast.com is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.
Leave a comment