Hackers exploiting LinkedIn’s chat, job posting tools to steal users’ data

Hackers exploiting LinkedIn's chat, job posting tools to steal users' data (Photo: AFP)


According to a study on Tuesday, hackers are using LinkedIn, which is owned by Microsoft, to spread malware that steals data by making connection requests that appear to be from people working for reputable firms.

Scammers are using LinkedIn’s chat and job posting tools to transmit links and files that are loaded with stealth malware, according to researchers from AI cyber-security startup CloudSEK.

Scammers can quickly establish contacts and establish reputation on LinkedIn because most users accept every connection request they get.

After gaining trust, the actors disseminate infected files and links, which victims open without giving it a single though.

After being opened, a stealer malware is installed on the victim’s computer, where it collects sensitive data such as passwords, credit card numbers, and other data, and sends it to the threat actors.

“This large-scale misuse of LinkedIn could be the gravest threat yet. The underlying promise of professionalism makes it easier for scammers to run campaigns at scale,” said Rahul Sasi, CEO and Founder of CloudSEK.

This is how it works.

A LinkedIn connection reaches out to you regarding a project, from a well-known company, that might be of interest to you.

The connection shares a URL or a zip file with the information stealer embedded. The file size is usually restricted to 100MB to evade antivirus or security tools.

“Once opened, the file automatically downloads the stealer malware onto your system. It then steals passwords and cookies stored on your browser,” warned the report.

The stolen credentials are then used to compromise and take over the victim’s social media and email accounts.

“We recommend that all users verify connection requests before accepting them, even if the requester is connected to someone you know,” said Sasi.

It is also important to scan documents and files shared on LinkedIn, before opening them on your systems.

(inputs from IANS)