Elaborate LinkedIn Phishing Attacks Spike in Volume

A new campaign of phishing attacks is targeting LinkedIn users with surprisingly sophisticated malicious messages. The campaign is aimed at people who are currently out of a job and are looking for new opportunities, and there are obviously plenty of those in the current shrinking economy and global pandemic situation.

The new campaign was reported by security researchers working with cybersecurity company eSentire.

The new attacks are carried out using fileless malware known as 'more_eggs'. The malware acts as a backdoor and executes a script that chains together a number of legitimate system functions to compromise the victim's system. The current campaign uses a compressed file named after the victim's LinkedIn job title. The compressed file contains a shortcut (.lnk) file that executes the script.

What is interesting about this attack is the sophistication and care that the bad actors put in their phishing lures. The attacks are tailored specifically to target individuals and great care has been taken to make the lure appear as legitimate as possible.

Old Tricks, More Effort

This is not the first time more_eggs has been used for phishing attacks. Back in 2019 an older version of the malware was used to target LinkedIn users as well. In that campaign the threat actors relied on fake profiles to contact their victims, sometimes showing considerable patience and following up on the initial contact a full week later, creating a false sense of security in their targets.

Fileless malware like more_eggs is also a very serious threat. Fileless malicious software in general is a lot harder to detect and stop. A large portion of antivirus and antimalware functionality relies on file hashes and scanning files for known patterns, which becomes impossible when the malicious code is contained in the arguments (parameter) field of a shortcut file rather than in a file of its own.
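Since the two paragraphs above point to the shortcut file's arguments field as the place where the script hides, a defender's first question is how to look inside a .lnk file without executing it. The following is an added example, not code from the article or from eSentire: a minimal parser for the Windows Shell Link format that extracts the string fields (relative path, arguments, and so on) and flags an arguments field that is unusually long or references a script host. The sample shortcuts are constructed in the script itself, and the length threshold and token list are generic assumptions for the example, not indicators from the campaign described.

```python
"""Minimal .lnk (Shell Link) inspector that surfaces oversized or script-bearing
argument fields. Added example; sample shortcut bytes are constructed below."""
import struct

# LinkFlags bits from the Shell Link header, in specification order.
(HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH,
 HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE) = (1 << i for i in range(8))
LNK_HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# Generic heuristics for this example (assumptions, not campaign indicators).
SUSPICIOUS_TOKENS = ("cscript", "wscript", "powershell", "mshta", "-enc",
                     "javascript:", "vbscript:")
MAX_SANE_ARG_LEN = 200


def build_lnk(relative_path: str, args: str, unicode: bool = True) -> bytes:
    """Build a minimal shell link carrying a relative path and an argument string.
    Used only to construct test data for the parser below."""
    flags = HAS_REL_PATH | HAS_ARGS | (IS_UNICODE if unicode else 0)
    hdr = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", hdr, 0, LNK_HEADER_SIZE)   # HeaderSize
    hdr[4:20] = LINK_CLSID                             # LinkCLSID
    struct.pack_into("<I", hdr, 0x14, flags)           # LinkFlags
    enc = "utf-16-le" if unicode else "cp1252"

    def string_data(value: str) -> bytes:
        # CountCharacters (u16) followed by the characters, no terminator.
        return struct.pack("<H", len(value)) + value.encode(enc)

    return bytes(hdr) + string_data(relative_path) + string_data(args)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a shell link as a dict. Skips the optional
    LinkTargetIDList and LinkInfo structures rather than decoding them."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LINK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:                  # IDListSize (u16) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (u32) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    enc = "utf-16-le" if flags & IS_UNICODE else "cp1252"
    width = 2 if flags & IS_UNICODE else 1
    fields = {}
    for flag, name in ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                       (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                       (HAS_ICON, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        raw = data[pos:pos + count * width]
        if len(raw) != count * width:
            raise ValueError(f"truncated {name} string")
        fields[name] = raw.decode(enc)
        pos += count * width
    return fields


def assess(fields: dict) -> list:
    """Return human-readable findings for a parsed shortcut (empty list = nothing odd)."""
    args = fields.get("arguments", "")
    findings = []
    if len(args) > MAX_SANE_ARG_LEN:
        findings.append(f"arguments field is {len(args)} chars (> {MAX_SANE_ARG_LEN})")
    hits = [t for t in SUSPICIOUS_TOKENS if t in args.lower()]
    if hits:
        findings.append("arguments reference script host/encoding token(s): " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    # Constructed samples: a plain document shortcut and one with a long, script-host argument.
    benign = build_lnk("..\\Documents\\report.pdf", "/readonly")
    odd = build_lnk("..\\..\\Windows\\System32\\cmd.exe", "/c cscript " + "X" * 300)
    for label, blob in (("benign", benign), ("odd", odd)):
        fields = parse_lnk(blob)
        print(label, fields.get("relative_path"), assess(fields) or "no findings")
```

In practice the same check would be run over every .lnk extracted from an inbound archive before a user opens it; a shortcut whose arguments run to hundreds of characters, or that points at a script interpreter, is worth quarantining regardless of whether any file hash is known.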

Statistics published recently by security company WatchGuard showed that fileless malware detections have grown nearly tenfold over the past year, which shows a very focused push towards its wider use.

Rob McLeod, senior director of eSentire's threat response unit, commented that a multi-faceted approach is needed to counteract similar attacks. Employee training is still essential to end users being able to recognise scams and malicious messages and attachments on their own, without relying on antimalware software. The endpoints that are compromised in these attacks should also be protected as well as the company is able, even in the current conditions, where many employees work from home.

April 8, 2021